Alumni Management System 1.0 – “Course Form” Stored XSS

• Exploit Database
• 109 阅读

• 作者： Aakash Madaan
  日期： 2020-12-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49286/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

  # Exploit Title:Alumni Management System 1.0 - "Course Form" Stored XSS # Exploit Author: Aakash Madaan # Date: 2020-12-10 # Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code # Affected Version: Version 1 # Tested on: Parrot OS     Step 1. Login to the application with admin credentials   Step 2. Click on the "Course List" page.   Step 3. In the "Course Form" field, use XSS payload "<script>alert("course")</script>" as the name of new course and click on save.   Step 4. This should trigger the XSS payload and anytime you click on the "Course List" page, your stored XSS payload will be triggered.