Library Management System 3.0 – “Add Category” Stored XSS

• Exploit Database
• 99 阅读

• 作者： Kislay Kumar
  日期： 2020-12-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49315/

• # Exploit Title:Library Management System 3.0 - "Add Category" Stored XSS
  # Exploit Author: Kislay Kumar
  # Date: 2020-12-22
  # Google Dork: N/A
  # Vendor Homepage: https://otsglobal.org/
  # Software Link: https://codecanyon.net/item/library-management-system-22/16965307
  # Affected Version: 3.0
  # Patched Version: Unpatched
  # Category: Web Application
  # Tested on: Kali Linux
  
  Step 1. Login as Admin.
  
  Step 2. Select "Book" from menu and select "Categories" from sub menu and
  after that click on "Add Category".
  
  Step 3. Insert payload - "><img src onerror=alert(1)> in "Category Name"
  
  Step 4. NowClick on "Save" , Go to "Category" and See last , there you
  will get alert box.
  

  Python

  Copy