Xeroneit Library Management System 3.1 – “Add Book Category ” Stored XSS

Exploit Database
94 阅读

作者： Kislay Kumar

日期： 2020-12-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49292/

# Exploit Title:Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-18
# Vendor Homepage: https://xeroneit.net/
# Software Link: https://xeroneit.net/portfolio/library-management-system-lms
# Affected Version: Version 3.1
# Tested on: Kali Linux

Step 1. Login to the application as Admin.

Step 2. Select "Book" from menu and click on "Book Category" . Now , click
on "Add" Button.

Step 3. Insert payload - "><img src onerror=alert(1)> ,in "Category Name"
and Save it.

Step 4. Now you will see an alert box .

last Exploits
Xeroneit Library Management System 3.1 – “Add Book Category ” Stored XSS的更多信息

Pragyan CMS 3.0 – SQL Injection：
PIKATEL 96338WS, 96338L-2M-8M – DNS Change：
ICJobSite 1.1 – ‘pid’ SQL Injection：
CMS WebManager-Pro 7.4.3 – Cross-Site Scripting / SQL Injection：
Employee Management System 1.0 – Authentication Bypass：
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 – XML External Entity Injection：
SimpleTransfer 2.2.1 – Command Injection：
ArtiPHP 5.5.0 Neo – ‘index.php’ Multiple Cross-Site Scripting Vulnerabilities：