| Title | Simple Bakery Shop Management System - Stored XSS |
|---|
| Description | # Exploit Title: Simple Bakery Shop Management System - Stored XSS
# Exploit Author: Krishnakant Tiwari
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:
A stored XSS issue in Simple Bakery Shop Management System allows arbitrary JavaScript to be injected through the "Full Name" parameter when adding a new user on the User List page.
Parameter:
Add New = Full Name
Payload:
<script>prompt(document.domain)</script>
Steps:
1) Log in as an Admin user.
2) Open the tab named "User List" and go to "Add New".
3) Put the payload in the "Full Name" parameter.
4) When the user is saved, the payload is triggered. |
|---|
| User | krishna.t (UID 42731) |
|---|
| Submission | 2023. 03. 12. AM 06:20 (3 years ago) |
|---|
| Moderation | 2023. 03. 12. AM 08:08 (2 hours later) |
|---|
| Status | Duplicate |
|---|
| VulDB Entry | 202613 [Simple Bakery Shop Management 1.0 ?page=manage_account Username/Full Name cross site scripting] |
|---|
| Points | 0 |
|---|
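
The mitigation for the "Full Name" issue reported above, as an added example that is not code from the report or from the application: validate the name before it is stored and HTML-encode it wherever the user list renders it. The helper names `validate_full_name` and `h`, the 100-character limit, the allowed character set and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; not taken from the Simple Bakery Shop Management System source.

/** Validate a submitted full name before it is stored. Returns the cleaned name or null. */
function validate_full_name(string $raw): ?string
{
    $name = trim($raw);
    // Allow-list: letters, combining marks, space, period, apostrophe, hyphen; 1 to 100 characters.
    // With the /u flag preg_match() returns false on invalid UTF-8, which is rejected as well.
    if (preg_match('/\A[\p{L}\p{M} .\'-]{1,100}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample rows standing in for the user list;
// the second row holds the payload string from the report.
$rows = [
    ['fullname' => "Anne-Marie O'Neil"],
    ['fullname' => '<script>prompt(document.domain)</script>'],
];

foreach ($rows as $row) {
    $stored = $row['fullname'];
    // Input side: the decision the "Add New" handler should make before saving.
    $decision = validate_full_name($stored) !== null ? 'accepted' : 'rejected';
    // Output side: always encode, so values stored before validation existed stay inert.
    echo '<tr><td>' . h($stored) . '</td><td>' . $decision . "</td></tr>\n";
}
```

Output encoding is the control that closes the stored XSS; the input allow-list only reduces what can reach storage, so existing rows still need the encoded rendering path.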