| عنوان | Event Registration System with QR Code - Stored XSS |
|---|
| الوصف | # Exploit Title: Event Registration System with QR Code - Stored XSS
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: hhttps://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A Stored XSS issue in Event Registration System with QR Code v.1.0 allows to inject Arbitrary JavaScript in Edit in "First Name"and " Last Name ".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
Full Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Here we go to : http://localhost/event/admin/?page=user/list
2. Now in those Parameters "First Name" and "Last Name" put your payload
3. Fill the other details and save the file
4. As we can see our xss has been triggered. |
|---|
| المستخدم | lucifoxer001 (UID 33693) |
|---|
| ارسال | 26/11/2022 03:33 PM (4 سنوات منذ) |
|---|
| الاعتدال | 30/11/2022 11:51 AM (4 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 214591 [SourceCodester Event Registration System 1.0 list First Name/Last Name البرمجة عبر المواقع] |
|---|
| النقاط | 17 |
|---|