| 제목 | Event Registration System with QR Code - Stored XSS |
|---|
| 설명 | # Exploit Title: Event Registration System with QR Code - Stored XSS
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: hhttps://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A Stored XSS issue in Event Registration System with QR Code v.1.0 allows to inject Arbitrary JavaScript in Edit in "First Name"and " Last Name ".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
Full Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Here we go to : http://localhost/event/admin/?page=user/list
2. Now in those Parameters "First Name" and "Last Name" put your payload
3. Fill the other details and save the file
4. As we can see our xss has been triggered. |
|---|
| 사용자 | lucifoxer001 (UID 33693) |
|---|
| 제출 | 2022. 11. 26. PM 03:33 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 11. 30. AM 11:51 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 214591 [SourceCodester Event Registration System 1.0 list First Name/Last Name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|