Regis Inventory And Monitoring System 1.0 – ‘Item List’ Persistent Cross-Site Scripting

• Exploit Database
• 17 阅读

• 作者： George Tsimpidas
  日期： 2021-03-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49713/

• # Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting
  # Exploit Author: George Tsimpidas
  # Date: 2021-03-25
  # Vendor Homepage: www.sourcecodester.com
  # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regis_inventory.zip
  # Version : 1.0.0
  # Tested on: Kali Linux 2020.4
  # Category: Webapp
  
  # Description
  
  Regis Inventory And Monitoring System, suffers from a stored cross site scripting on Item's List Category
  
  #PoC
  
  1. Login as admin : http://localhost/regis_inventory/index.php
  2. Visit : http://localhost/regis_inventory/item.php
  3. Click add a New Item and input your payload on "Generic Name" textbox.
  
  Payload : <script>alert("XSS")</script>
  
  4. After inputting the Item values and submitting the form, it will trigger an XSS pop-up