| Title | oretnom23 Task Reminder System 0.1 Cross Site Scripting |
|---|
| Description | #Exploit Title: Task Reminder System - Stored XSS
#Exploit Author: Krutika Thakur
#Vendor Name: oretnom23
#Vendor Homepage: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Software Link: https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html
#Tested on: Kali Linux, Xampp
#Description:
A Persistent stored XSS issue in Task Reminder System allows to inject Arbitary JavaScript in "System Name" input, under System Information Update feature.
#Payload: ≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(54) //># ≋
#Steps:
1) Login as Admin user
2) Under the "Maintenance" Section, we can see "System Information" tab
3) Once we click on "System Information", we see there is the feature to update the name under "System Name".
4) Insert the given payload in the "System Name" input and hit "Update" button below.
5) Once Updated we can see that our payload is executed everywhere, wherever the name is reflected once saved.
|
|---|
| User | lucifoxer001 (UID 33693) |
|---|
| Submission | 01/03/2025 11:44 (1 Year ago) |
|---|
| Moderation | 01/14/2025 09:29 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 291481 [SourceCodester Task Reminder System 1.0 Maintenance Section System Name cross site scripting] |
|---|
| Points | 17 |
|---|