CRUD Operation 1.0 – Multiple Stored XSS

• Exploit Database
• 18 阅读

• 作者： Arnav Tripathy
  日期： 2021-01-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49393/

• # Exploit Title: CRUD Operation 1.0 - Multiple Stored XSS
  # Date: 4/1/2021
  # Exploit Author: Arnav Tripathy
  # Vendor Homepage: https://egavilanmedia.com
  # Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/
  # Version: 1.0
  # Tested on: linux / Lamp
  
  Click on add new record. Simply put <script>alert(1)</script> and so on in all parameters. Pop up should come up moment you add the record. If not , simply refresh the page, it should come up.