Responsive E-Learning System 1.0 – Stored Cross Site Scripting

Exploit Database
90 阅读

作者： Kshitiz Raj

日期： 2021-01-06
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49376/

# Exploit Title: Responsive E-Learning System 1.0 – Stored Cross Site Scripting
# Date: 2020-12-24
# Exploit Author: Kshitiz Raj(manitorpotterk)
# Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=5172&title=Responsive+E-Learning+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Step 1- Go to url http://localhost/elearning/admin/index.php
Step 2 – Login as admin.
Step 3 – Go to http://localhost/elearning/admin/course.php
Step 4 – click on Edit course (any course)
Step 5 – Enter *Course Year And Section:*as <script>alert()</script> and fill the other values.
Step 6 – Click Save

XSS popup will be triggered.

last Exploits
Responsive E-Learning System 1.0 – Stored Cross Site Scripting的更多信息

FS IMDB Clone – ‘id’ SQL Injection：
WordPress Plugin Tune Library 1.5.4 – SQL Injection：
WordPress Plugin LeagueManager 3.8 – SQL Injection：
SnapProof – ‘page.php’ SQL Injection：
OpenFiler 2.99.1 – Cross-Site Request Forgery：
Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 – Unquoted Service Path Privilege Escalation：
MODx manager – ‘/controllers/default/resource/tvs.php?class_key’ Traversal Local File Inclusion：
admidio v4.2.5 – CSV Injection：