DB: 2020-12-09
2 changes to exploits/shellcodes

Online Bus Ticket Reservation 1.0 - SQL Injection
Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting
parent 9dd5a95a94
commit 78d4c26b55
3 changed files with 39 additions and 0 deletions
20
exploits/php/webapps/49212.txt
Normal file
|
@ -0,0 +1,20 @@
|
|||
# Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection
|
||||
# Date: 2020-12-07
|
||||
# Exploit Author: Sakshi Sharma
|
||||
# Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html
|
||||
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/busreservation.zip
|
||||
# Version: 1.0
|
||||
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
|
||||
|
||||
|
||||
#Vulnerable Page: admin page
|
||||
|
||||
#Exploit
|
||||
Open the Application
|
||||
check the URL:
|
||||
http://localhost/busreservation/index.php
|
||||
Open Admin Login
|
||||
Enter username: 'or"='
|
||||
Enter password: 'or"='
|
||||
click on login
|
||||
The SQL payload gets executed and authorization is bypassed successfully
|
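Review bot: `#Vulnerable Page: admin page` does not identify which script or which request fields carry the login values into the query, so a maintainer reading this entry cannot tell where the fix belongs. Name the login handler and the two form fields the steps refer to, and state the remediation: bind the username and password as parameters of a prepared statement so that quote characters in the input are treated as data. The closing line says authorization is bypassed, but the steps describe a login form, so "authentication" is the accurate term.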
17
exploits/php/webapps/49215.txt
Normal file
|
@ -0,0 +1,17 @@
|
|||
# Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting
|
||||
# Date: 08/12/2020
|
||||
# Exploit Author: Ritesh Gohil
|
||||
# Vendor Homepage: https://www.sourcecodester.com
|
||||
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
|
||||
# Version: 1.0
|
||||
# Tested on: Windows 10/Kali Linux
|
||||
|
||||
Steps to Reproduce:
|
||||
1) Login with Admin Credentials and click on 'Task' button.
|
||||
2) Click on Add New Task Button.
|
||||
3) Now add the following payload input field of Task and Description
|
||||
|
||||
Payload: ritesh"><img src=x onerror=alert(document.domain)>
|
||||
|
||||
4) Click On Save
|
||||
5) XSS payload is triggered.
|
|
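Review bot: the `# Date: 08/12/2020` header is ambiguous between day/month and month/day order and differs from the YYYY-MM-DD form used in 49212.txt and in the CSV index; write it as 2020-12-08. The title line also has a stray space inside the quotes (`' Task and Description'`) that the CSV description does not have, and step 3 is missing words ("add the following payload input field"). The steps end at "XSS payload is triggered" without saying on which page the stored value is rendered; noting that would tell a maintainer where output encoding is missing.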
@ -43434,3 +43434,5 @@ id,file,description,date,author,type,platform,port
|
|||
49204,exploits/php/webapps/49204.txt,"Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting",2020-12-07,"Pruthvi Nekkanti",webapps,php,
|
||||
49208,exploits/php/webapps/49208.txt,"Savsoft Quiz 5 - 'Skype ID' Stored XSS",2020-12-07,"Dipak Panchal",webapps,php,
|
||||
49209,exploits/php/webapps/49209.txt,"vBulletin 5.6.3 - 'group' Cross Site Scripting",2020-12-07,Vincent666,webapps,php,
|
||||
49212,exploits/php/webapps/49212.txt,"Online Bus Ticket Reservation 1.0 - SQL Injection",2020-12-08,"Sakshi Sharma",webapps,php,
|
||||
49215,exploits/php/webapps/49215.txt,"Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting",2020-12-08,"Ritesh Gohil",webapps,php,
|
||||
|
|
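Review bot: the new row for 49212 records 2020-12-08, but the header of exploits/php/webapps/49212.txt added in this same commit says `# Date: 2020-12-07`; either align the two or document that the CSV date column is the publication date rather than the author's date. The description for 49215 writes "Cross Site Scripting" without a hyphen while the context row 49204 uses "Cross-Site Scripting", so a text search over the index for one spelling misses the other.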