[webapps] Hostel Management System 2.1 - Cross Site Scripting (XSS)

# Exploit Title: Hostel Management System 2.1 - Cross Site Scripting (XSS)
# Date: 26/12/2021
# Exploit Author: Chinmay Vishwas Divekar
# Vendor Homepage: https://phpgurukul.com/hostel-management-system/
# Software Link: https://phpgurukul.com/hostel-management-system/
# Version: V 2.1
# Tested on: PopOS_20.10

*Steps to reproduce*

1) Open the book-hostel page using the following URL: https://localhost/hostel/book-hostel.php
2) Enter the XSS payload <img src=x onerror=alert(String.fromCharCode(88,83,83));> in various input fields.
3) The server accepted our payload in the input fields.

Affected input fields: Correspondence Address, Guardian Relation, Permanent Address
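
Added example (not part of the original advisory and not the vendor's code): PHP showing the mitigation for the three affected fields, with unencoded output beside HTML-encoded output, run against the payload from step 2. The array keys, function names, the 255-byte limit and the no-angle-brackets rule are assumptions; the application's real field names and limits are not given in the advisory.

```php
<?php
// Added example, not the vendor's code. The keys below are assumed names for
// the three affected fields; the real form field names are not in the advisory.
const AFFECTED_FIELDS = ['correspondence_address', 'guardian_relation', 'permanent_address'];

// Before: the value is concatenated into HTML as-is, so markup in it is parsed.
function render_unsafe(string $value): string
{
    return '<td>' . $value . '</td>';
}

// After: encode for the HTML context at output time, whatever was stored.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_safe(string $value): string
{
    return '<td>' . h($value) . '</td>';
}

// Input-side checks: defense in depth, not a replacement for output encoding.
function validate_field(string $name, string $value): array
{
    $errors = [];
    if (!in_array($name, AFFECTED_FIELDS, true)) { $errors[] = 'unknown field'; }
    if (preg_match('//u', $value) !== 1)         { $errors[] = 'invalid UTF-8'; }
    if (strlen($value) > 255)                    { $errors[] = 'too long'; }      // assumed limit
    if (preg_match('/[<>]/', $value) === 1)      { $errors[] = 'angle brackets not allowed'; } // assumed policy
    return $errors;
}

// Payload taken from step 2 of the advisory.
$payload = '<img src=x onerror=alert(String.fromCharCode(88,83,83));>';

foreach (AFFECTED_FIELDS as $field) {
    echo $field, "\n";
    echo '  unencoded:  ', render_unsafe($payload), "\n";
    echo '  encoded:    ', render_safe($payload), "\n";
    echo '  validation: ', implode(', ', validate_field($field, $payload)) ?: 'ok', "\n";
}
```

Encoding at output is the control that matters; the input checks only reduce what reaches storage and should not be relied on alone.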