PHP Stock Management System 1.02 – Multiple Persistent Cross-Site Scripting Vulnerabilities

• Exploit Database
• 17 阅读

• 作者： Ragha Deepthi K R
  日期： 2014-08-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34405/

• ​# Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities
  in PHP Stock Management System 1.02
  # Date: 25 Aug 2014
  # Exploit Author: ​Ragha Deepthi K R
  # Vendor Homepage: ​http://www.posnic.com/​
  # Software Link:​ http://sourceforge.net/projects/stockmanagement/
  # Version: ​1.02
  # Tested on: Windows 7
  
  #################################################
  ​PHP Stock Management System 1.02​ is vulnerable for ​multiple Persistent
  Cross Site Scripting Vulnerabilit​ies.
  The vulnerability affects 'sname'(Store Name Field), 'address'(Address
  Field), 'place'(Place Field), 'city'(City Field), pin(Pin Field),
  website(Website Field), email(Email Field) parameter​s​ while updating the
  ​store details in 'update_details.php' and when seen in 'view_report.php'
  
  #################################################
  Greetz :​ Syam !​