Class Scheduling System 1.0 – Multiple Stored XSS

• Exploit Database
• 37 阅读

• 作者： Aakash Madaan
  日期： 2020-12-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49323/

• # Exploit Title:Class Scheduling System 1.0 - Multiple Stored XSS
  # Exploit Author: Aakash Madaan (Godsky)
  # Date: 2020-12-22
  # Vendor Homepage: https://www.sourcecodester.com/php/5175/class-scheduling-system.html
  # Software Link: https://www.sourcecodester.com/download-code?nid=5175&title=Class+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code
  # Affected Version: Version 1
  # Category: Web Application
  # Tested on: Parrot OS
  
  [+] Step 1. Login to the application with admin credentials
  
  [+] Step 2.1(a). Click on "Department" page.{Uri :http(s)://<host>/admin/department.php}
  Step 2.1(b). In the "Person Incharge" field, use XSS payload '"><script>alert("Department")</script>' as the name of new course and click on save.
   [ Note : The XSS can also be triggered if we put the same payload in "Title" field ]
  Step 2.1(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Department", your XSS Payloads will be triggered.
  
  [+] Step 2.2(a). Click on "Subject" page.{Uri :http(s)://<host>/admin/subject.php}
  Step 2.2(b). In the "Subject Code" field, use XSS payload '"><script>alert("Subject")</script>' as the name of new course and click on save.
   [ Note : The XSS can also be triggered if we put the same payload in "Title" field ]
  Step 2.2(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Subject", your XSS Payloads will be triggered.
  
  [+] Step 2.3(a). Click on "Course" page.{Uri :
  http(s)://<host>/admin/course.php}
  Step 2.3(b). In the "Course Year" field, use XSS payload '"><script>alert("Course")</script>' as the name of new course and click on save.
   [ Note : The XSS can also be triggered if we put the same payload in "Major" field ]
  Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Course", your XSS Payloads will be triggered.
  
  [+] Step 2.3(a). Click on "Record" page.{Uri :http(s)://<host>/admin/record.php}
  Step 2.3(b). In the "Name" field, use XSS payload '"><script>alert("Record")</script>' as the name of new course and click onsave.
   [ Note : The XSS can also be triggered if we put the same payload in "Academic Rank" or "Designation" field ]
  Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Record", your XSS Payloads will be triggered.
  
  [+] Step 3. This should trigger the XSS payload and anytime you click on respective pages, your stored XSS payload will be triggered.