Multi Branch School Management System 3.5 – “Create Branch” Stored XSS

Exploit Database
95 阅读

作者： Kislay Kumar

日期： 2020-12-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49316/

# Exploit Title: Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-21
# Google Dork: N/A
# Vendor Homepage: https://www.ramomcoder.com/
# Software Link: https://codecanyon.net/item/ramom-multi-branch-school-management-system/25182324
# Affected Version: 3.5
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Super Admin.

Step 2. Select "Branch" from menu and after that click on "Create Branch".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Branch Name" ,
"School Name" , "Mobile No." , "Currency" , "Symbol" , "City" and "State".

Step 4. NowClick on "Save" andyou will get a list of alert boxes.

last Exploits
Multi Branch School Management System 3.5 – “Create Branch” Stored XSS的更多信息

PHP Telephone Directory – Multiple Vulnerabilities：
VelotiSmart WiFi B-380 Camera – Directory Traversal：
Photo Video Album Transfer 1.0 iOS – Multiple Vulnerabilities：
SmarterMail 7.3/7.4 – Multiple Vulnerabilities：
WordPress Plugin TYPO3 ‘t3m_cumulus_tagcloud’ Extension 1.0 – HTML Injection / Cross-Site Scripting：
Phenix 3.5b – SQL Injection：
Joomla! Component Shoutbox Pro – Local File Inclusion：
Flatnux CMS 2013-01.17 – ‘index.php’ Local File Inclusion：