| 제목 | oretnom23 Task Reminder System 0.1 Cross Site Scripting |
|---|
| 설명 | #Exploit Title: Task Reminder System - Stored XSS
#Exploit Author: Krutika Thakur
#Vendor Name: oretnom23
#Vendor Homepage: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Software Link: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Tested on: Kali Linux, Xampp
#Description:
A Persistent stored XSS issue in Task Reminder System allows to inject Arbitary JavaScript in "System Name" input, under System Information Update feature.
#Payload: ≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(54) //># ≋
#Steps:
1) Login as Admin user
2) Under the "Maintenance" Section, we can see "System Information" tab
3) Once we click on "System Information", we see there is the feature to update the name under "System Name".
4) Insert the given payload in the "System Name" input and hit "Update" button below.
5) Once Updated we can see that our payload is executed everywhere, wherever the name is reflected once saved.
|
|---|
| 사용자 | lucifoxer001 (UID 33693) |
|---|
| 제출 | 2025. 01. 03. AM 11:44 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 14. AM 09:29 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 291481 [SourceCodester Task Reminder System 1.0 Maintenance Section System Name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|