[webapps] Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)

4 months ago 33
# Exploit Title: Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS) # Google Dork: NA # Date: 03-OCT-2021 # Exploit Author: Akash Rajendra Patil # Vendor Homepage: https://www.yahoobaba.net/project/library-system-in-php # Software Link: https://www.yahoobaba.net/project/library-system-in-php # Version: V 1.0 # Tested on: WAMPP # Description # Library System in PHP V1.0 is vulnerable to stored cross site scripting because of insufficient user supplied data sanitisation. # Proof of Concept (PoC) : #Exploit: 1) Goto: http://localhost/library-system/dashboard.php 2) Login as admin using test credentials: admin/admin 3) Goto: http://localhost/library-system/update-publisher.php?pid=12 4) Enter the following payload in the publisher field: <script>alert(document.cookie)</script> 5) Click on Save 6) Our payload is fired and stored
Read Entire Article