| Title | Survey Application System - Persistent XSS |
|---|
| Description | # Exploit Title: Survey Application System - Persistent XSS
# Exploit Author: Krishnakant Tiwari
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/16411/survey-application-system-php-and-sqlite3-source-code-free-download.html
# Software Link: https://www.sourcecodester.com/php/16411/survey-application-system-php-and-sqlite3-source-code-free-download.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:
A persistent XSS issue in Survey Application System allows injection of arbitrary JavaScript while adding a new survey under Surveys. The vulnerable parameter is "Title", in which the XSS is triggered.
Parameter:
Add New = Title
Payload:
<script>prompt(document.domain)</script>
Steps:
1) Log in as an Admin user.
2) Open the tab named "Surveys" and go to "Add New".
3) Put the payload in the "Title" parameter.
4) When we save the user, the payload is triggered. |
|---|
| User | krishna.t (UID 42731) |
|---|
| Submission | 04/07/2023 22:52 (3 years ago) |
|---|
| Moderation | 04/07/2023 23:49 (57 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 225329 [SourceCodester Survey Application System 1.0 Add New Title cross site scripting] |
|---|
| Points | 17 |
|---|
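
The report describes a survey "Title" value that is stored and later executes as script when the page is displayed. The PHP sketch below is an added example, not code from the application or from the report: it shows a stored title rendered raw beside the same value with output encoding applied. The table name `survey_list`, the 150-byte limit and all function names are hypothetical, and it assumes the `pdo_sqlite` extension is available.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and helpers; not taken from the application's source.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE survey_list (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

/** Validate length and control characters, then store the title unchanged. */
function save_survey(PDO $db, string $title): int
{
    $title = trim($title);
    if ($title === '' || strlen($title) > 150 || preg_match('/[\x00-\x1F\x7F]/', $title)) {
        throw new InvalidArgumentException('Invalid survey title');
    }
    // Parameterized insert: the value is bound as data, never spliced into SQL.
    $stmt = $db->prepare('INSERT INTO survey_list (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return (int) $db->lastInsertId();
}

/** Encode a value for an HTML text or quoted-attribute context at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "Before": raw interpolation, the pattern that lets stored markup run. */
function render_row_unsafe(array $row): string
{
    return '<td>' . $row['title'] . '</td>';
}

/** "After": the same table cell with contextual output encoding. */
function render_row_safe(array $row): string
{
    return '<td>' . h($row['title']) . '</td>';
}

// Constructed sample input: the payload string quoted in the report.
$id = save_survey($db, '<script>prompt(document.domain)</script>');
$stmt = $db->prepare('SELECT id, title FROM survey_list WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

echo render_row_unsafe($row), PHP_EOL; // stored markup emitted as markup
echo render_row_safe($row), PHP_EOL;   // stored markup emitted as inert text
```

Encoding belongs at every place the title is written into HTML, since the stored value is displayed to other users as well as to the admin who entered it.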