| عنوان | Blood Bank Management System - Persistant XSS |
|---|
| الوصف | # Exploit Title: Blood Bank Management System - Persistant XSS
# Exploit Author: Madhur Jain
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html
# Version: v1.0
# Tested on: Parrot GNU/Linux 4.10, Apache
Description:-
A Persistant XSS issue in Blood Bank Management System v.1.0 allows to inject Arbitrary JavaScript in User registration form.
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter:-
Full Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Go to http://localhost/bloodbank/index.php?page=users
2. Now click on "New user" and in that "Name" Parameter put the payload
3. Now fill the other details and save it.
4. XSS has been triggered and everytime we load the page it will be triggered
5. We can use Admin cookie to escalate our privilege. |
|---|
| المستخدم | Madhur Jain (UID 37979) |
|---|
| ارسال | 22/12/2022 05:36 PM (4 سنوات منذ) |
|---|
| الاعتدال | 25/12/2022 08:28 PM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 216774 [SourceCodester Blood Bank Management System 1.0 User Registration index.php?page=users الأسم البرمجة عبر المواقع] |
|---|
| النقاط | 17 |
|---|