Library Management System 3.0 – “Add Category” Stored XSS

Exploit Database
16 阅读

作者： Kislay Kumar

日期： 2020-12-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49315/

# Exploit Title:Library Management System 3.0 - "Add Category" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-22
# Google Dork: N/A
# Vendor Homepage: https://otsglobal.org/
# Software Link: https://codecanyon.net/item/library-management-system-22/16965307
# Affected Version: 3.0
# Patched Version: Unpatched
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Admin.

Step 2. Select "Book" from menu and select "Categories" from sub menu and
after that click on "Add Category".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Category Name"

Step 4. NowClick on "Save" , Go to "Category" and See last , there you
will get alert box.

last Exploits
Library Management System 3.0 – “Add Category” Stored XSS的更多信息

Sahi pro 8.x – SQL Injection：
FreePBX 2.5.x – Information Disclosure：
BrowserCRM 5.100.1 – ‘framed’ Cross-Site Scripting：
Netgear SPH200D – Multiple Vulnerabilities：
Single Theater Booking Script 3.2.1 – ‘findcity.php?q’ SQL Injection：
ArticleSetup 1.00 – Cross-Site Request Forgery (Change Admin Password)：
Ganib Project Management 2.3 – SQL Injection：
e107 Image Gallery Plugin – ‘name’ Remote File Disclosure：