| タイトル | Event Registration System with QR Code - Stored XSS |
|---|
| 説明 | # Exploit Title: Event Registration System with QR Code - Stored XSS
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: hhttps://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A Stored XSS issue in Event Registration System with QR Code v.1.0 allows to inject Arbitrary JavaScript in Edit in "First Name"and " Last Name ".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
Full Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Here we go to : http://localhost/event/admin/?page=user/list
2. Now in those Parameters "First Name" and "Last Name" put your payload
3. Fill the other details and save the file
4. As we can see our xss has been triggered. |
|---|
| ユーザー | lucifoxer001 (UID 33693) |
|---|
| 送信 | 2022年11月26日 15:33 (4 年 ago) |
|---|
| モデレーション | 2022年11月30日 11:51 (4 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 214591 [SourceCodester Event Registration System 1.0 list First Name/Last Name クロスサイトスクリプティング] |
|---|
| ポイント | 17 |
|---|