Multi Branch School Management System 3.5 – “Create Branch” Stored XSS

Exploit Database
17 阅读

作者： Kislay Kumar

日期： 2020-12-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49316/

# Exploit Title: Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-21
# Google Dork: N/A
# Vendor Homepage: https://www.ramomcoder.com/
# Software Link: https://codecanyon.net/item/ramom-multi-branch-school-management-system/25182324
# Affected Version: 3.5
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Super Admin.

Step 2. Select "Branch" from menu and after that click on "Create Branch".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Branch Name" ,
"School Name" , "Mobile No." , "Currency" , "Symbol" , "City" and "State".

Step 4. NowClick on "Save" andyou will get a list of alert boxes.

last Exploits
Multi Branch School Management System 3.5 – “Create Branch” Stored XSS的更多信息

WordPress Plugin Supsystic Pricing Table 1.8.7 – Multiple Vulnerabilities：
Xplico 0.5.7 – ‘add.ctp’ Cross-Site Scripting (2)：
Matrix MLM Script 1.0 – Information Disclosure：
Simple PHP Agenda 2.2.8 – Cross-Site Request Forgery (Add Admin / Add Event)：
osCMax 2.5 – ‘/admin/geo_zones.php?zID’ Cross-Site Scripting：
Online Exam Test Application Script 1.6 – ‘exams.php?sort’ SQL Injection：
Infocus Real Estate Enterprise Edition Script – Authentication Bypass：
WordPress Plugin Pretty Link 1.4.56 – Multiple Cross-Site Scripting Vulnerabilities：