EgavilanMedia PHPCRUD 1.0 – ‘Full Name’ Stored Cross Site Scripting

  • Author: Mahendra Purbia
    Date: 2021-01-28
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49484/
  • # Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
    # Exploit Author: Mahendra Purbia
    # Vendor Homepage: http://egavilanmedia.com
    # Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/
    # Version: 1.0
    # Tested on: Windows 10
    
    Vulnerable Parameters: Full Name
    Steps to reproduce:
     1. Go to http://localhost/PHPCRUD/
     2. Click on "add new record" and fill in the details (in the first name field use: "><svg onload=alert(1)// )
     3. Reload the page and you will see that the XSS payload executes. It is a stored XSS.
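
Added example, not code from PHPCRUD or from the original advisory: the application's source is not shown on this page, so the record layout, the `full_name` key, the markup and the function names below are assumptions. It renders the value stored in step 2 once raw and once encoded with `htmlspecialchars` for both element and quoted-attribute contexts, which is the output-side fix for this class of bug.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a stored value for HTML element content and
// quoted attribute values. ENT_QUOTES encodes both " and ', so the value
// cannot close the attribute it is placed in.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern (assumed): the stored value is concatenated into markup as-is.
function render_row_unsafe(array $record): string
{
    return '<tr><td>' . $record['full_name'] . '</td>'
         . '<td><input name="full_name" value="' . $record['full_name'] . '"></td></tr>';
}

// Hardened pattern: the same markup, with the value encoded at output time.
function render_row_safe(array $record): string
{
    $name = e($record['full_name']);
    return '<tr><td>' . $name . '</td>'
         . '<td><input name="full_name" value="' . $name . '"></td></tr>';
}

// Regression check: no raw tag opener or bare double quote from the stored
// value may survive encoding.
function assert_encoded(string $stored): void
{
    $out = e($stored);
    if (strpos($out, '<') !== false || strpos($out, '"') !== false) {
        throw new RuntimeException('stored value reached output unencoded');
    }
}

// Constructed record holding the value from step 2 of the advisory.
$record = ['full_name' => '"><svg onload=alert(1)//'];

echo render_row_unsafe($record), PHP_EOL; // markup is broken by the stored value
echo render_row_safe($record), PHP_EOL;   // value is displayed as inert text
assert_encoded($record['full_name']);
```

Encoding belongs at every place the record is written into HTML (list view, edit form, generated PDF template), since a stored value is replayed to every viewer of the record.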