| 标题 | School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected |
|---|
| 描述 | # Exploit Title: School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
# Date: 2022-04-09
# Exploit Author: Mr Empy
# Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Linux
Title:
================
School Club Application System (SCAS) 1.0 - Cross-Site Scripting Reflected
Summary:
================
School Club Application System (SCAS) in version 1.0 is affected by Cross-site Scripting vulnerability due to poor hygiene in a certain parameter. The attacker could take advantage of this flaw to inject arbitrary javascript code to manipulate the victim's browser capabilities.
Severity Level:
================
6.5 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Product:
================
School Club Application System v1.0
Steps to Reproduce:
================
URL: http://target.com/scas/admin/?page=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E |
|---|
| 来源 | ⚠️ https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html? |
|---|
| 用户 | mrempy (UID 24379) |
|---|
| 提交 | 2022-04-09 17時37分 (4 年前) |
|---|
| 管理 | 2022-04-09 20時20分 (3 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 196751 [School Club Application System 1.0 /scas/admin/ page 跨网站脚本] |
|---|
| 积分 | 20 |
|---|