| Titre | Event Registration System with QR Code - Stored XSS |
|---|
| Description | # Exploit Title: Event Registration System with QR Code - Stored XSS
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: hhttps://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A Stored XSS issue in Event Registration System with QR Code v.1.0 allows to inject Arbitrary JavaScript in Edit in "First Name"and " Last Name ".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
Full Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Here we go to : http://localhost/event/admin/?page=user/list
2. Now in those Parameters "First Name" and "Last Name" put your payload
3. Fill the other details and save the file
4. As we can see our xss has been triggered. |
|---|
| Utilisateur | lucifoxer001 (UID 33693) |
|---|
| Soumission | 26/11/2022 15:33 (il y a 4 ans) |
|---|
| Modérer | 30/11/2022 11:51 (4 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 214591 [SourceCodester Event Registration System 1.0 list First Name/Last Name cross site scripting] |
|---|
| Points | 17 |
|---|