| Título | oretnom23 Task Reminder System 0.1 Cross Site Scripting |
|---|
| Descripción | #Exploit Title: Task Reminder System - Stored XSS
#Exploit Author: Krutika Thakur
#Vendor Name: oretnom23
#Vendor Homepage: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Software Link: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Tested on: Kali Linux, Xampp
#Description:
A Persistent stored XSS issue in Task Reminder System allows to inject Arbitary JavaScript in "System Name" input, under System Information Update feature.
#Payload: ≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(54) //># ≋
#Steps:
1) Login as Admin user
2) Under the "Maintenance" Section, we can see "System Information" tab
3) Once we click on "System Information", we see there is the feature to update the name under "System Name".
4) Insert the given payload in the "System Name" input and hit "Update" button below.
5) Once Updated we can see that our payload is executed everywhere, wherever the name is reflected once saved.
|
|---|
| Usuario | lucifoxer001 (UID 33693) |
|---|
| Sumisión | 2025-01-03 11:44 (hace 1 Año) |
|---|
| Moderación | 2025-01-14 09:29 (11 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 291481 [SourceCodester Task Reminder System 1.0 Maintenance Section System Name secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 17 |
|---|