Submission #59419: Blood Bank Management System - Persistent XSS (info)

Title: Blood Bank Management System - Persistent XSS

Description:
# Exploit Title: Blood Bank Management System - Persistent XSS
# Exploit Author: Madhur Jain
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html
# Version: v1.0
# Tested on: Parrot GNU/Linux 4.10, Apache

Description:-
A Persistent XSS issue in Blood Bank Management System v.1.0 allows injection of arbitrary JavaScript in the User registration form.

Payload used:-
<script>confirm (document.cookie)</script>

Parameter:-
Full Name: <script>confirm (document.cookie)</script>

Steps to reproduce:-
1. Go to http://localhost/bloodbank/index.php?page=users
2. Now click on "New user" and in that "Name" parameter put the payload.
3. Now fill in the other details and save it.
4. XSS has been triggered, and every time we load the page it will be triggered.
5. We can use the Admin cookie to escalate our privilege.
User: Madhur Jain (UID 37979)
Submitted: 2022. 12. 22. PM 05:36 (4 years ago)
Moderation: 2022. 12. 25. PM 08:28 (3 days later)
Status: Accepted
VulDB entry: 216774 [SourceCodester Blood Bank Management System 1.0 User Registration index.php?page=users Name cross-site scripting]
Points: 17
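
A defensive illustration of the issue reported above, added here and not taken from the submission or from the application's source: it contrasts echoing a stored name unchanged with escaping it at output time, and sets the session cookie flags that keep script from reading the cookie. The function names and the table-row markup are hypothetical; the assumption is that the saved "Name" value is written into the HTML of the users page.

```php
<?php
// Added illustration; not code from Blood Bank Management System.
// Assumption: the stored "Name" value is echoed into an HTML table cell
// on the users page. All function names here are hypothetical.

// Constructed sample: the value the report says was saved in the Name field.
$storedName = '<script>confirm (document.cookie)</script>';

// Escape a value for an HTML text or quoted-attribute context at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: the stored value is concatenated into markup unchanged,
// so the browser parses it as an element on every page load.
function renderUserRowUnsafe(string $name): string
{
    return '<tr><td>' . $name . '</td></tr>';
}

// Hardened pattern: the same value is rendered as inert text.
function renderUserRowSafe(string $name): string
{
    return '<tr><td>' . h($name) . '</td></tr>';
}

// Defence in depth for step 5 of the report: with HttpOnly set, the session
// cookie is not exposed through document.cookie. Call before session_start().
function hardenSessionCookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']),
    ]);
}

// Print both renderings so the difference in the emitted markup is visible.
echo renderUserRowUnsafe($storedName), PHP_EOL;
echo renderUserRowSafe($storedName), PHP_EOL;
```

Escaping belongs at every place the name is printed, since the value is already stored and will be rendered by any page that lists users.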
