| Название | Event Registration System with QR Code - Stored XSS |
|---|
| Описание | # Exploit Title: Event Registration System with QR Code - Stored XSS
# Exploit Author: Krutika Thakur
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Software Link: hhttps://www.sourcecodester.com/php/14884/event-registration-system-qr-code-php-free-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A Stored XSS issue in Event Registration System with QR Code v.1.0 allows to inject Arbitrary JavaScript in Edit in "First Name"and " Last Name ".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
Full Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Here we go to : http://localhost/event/admin/?page=user/list
2. Now in those Parameters "First Name" and "Last Name" put your payload
3. Fill the other details and save the file
4. As we can see our xss has been triggered. |
|---|
| Пользователь | lucifoxer001 (UID 33693) |
|---|
| Представление | 26.11.2022 15:33 (4 лет назад) |
|---|
| Модерация | 30.11.2022 11:51 (4 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 214591 [SourceCodester Event Registration System 1.0 list First Name/Last Name межсайтовый скриптинг] |
|---|
| Баллы | 17 |
|---|