| Title | oretnom23 Task Reminder System 0.1 Cross Site Scripting |
|---|
| Description | #Exploit Title: Task Reminder System - Stored XSS
#Exploit Author: Krutika Thakur
#Vendor Name: oretnom23
#Vendor Homepage: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Software Link: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Tested on: Kali Linux, Xampp
#Description:
A persistent stored XSS issue in Task Reminder System allows injecting arbitrary JavaScript in the "System Name" input, under the System Information Update feature.
#Payload: ≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(54) //># ≋
#Steps:
1) Login as Admin user
2) Under the "Maintenance" Section, we can see "System Information" tab
3) Once we click on "System Information", we see there is the feature to update the name under "System Name".
4) Insert the given payload in the "System Name" input and hit the "Update" button below.
5) Once updated, we can see that our payload is executed everywhere, wherever the name is reflected once saved.
|
|---|
| User | lucifoxer001 (UID 33693) |
|---|
| Submission | 03/01/2025 11:44 AM (1 year ago) |
|---|
| Moderation | 14/01/2025 09:29 AM (11 days later) |
|---|
| Status | Approved |
|---|
| VulDB Entry | 291481 [SourceCodester Task Reminder System 1.0 Maintenance Section System Name cross site scripting] |
|---|
| Points | 17 |
|---|