From 99b8f092133fbe41a4e17d4bff846047643619fc Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Fri, 10 Sep 2021 05:02:06 +0000 Subject: [PATCH] DB: 2021-09-10 1 changes to exploits/shellcodes Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS) --- exploits/php/webapps/50272.txt | 22 ++++++++++++++++++++++ files_exploits.csv | 1 + 2 files changed, 23 insertions(+) create mode 100644 exploits/php/webapps/50272.txt diff --git a/exploits/php/webapps/50272.txt b/exploits/php/webapps/50272.txt new file mode 100644 index 000000000..8b0ca8ba4 --- /dev/null +++ b/exploits/php/webapps/50272.txt @@ -0,0 +1,22 @@ +# Exploit Title: Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS) +# Date: 2021-09-08 +# Exploit Author: Emre Aslan +# Vendor Homepage: https://phpgurukul.com/ +# Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip +# Version: 1.0 +# Tested on: Windows 11 - XAMPP Server + +# Vulnerable page: host/admin/* + +# Vulnerable Code:
Admin[PAYLOAD]
+ +# Vulnerable Parameter: adminname[ POST Data ] + +# Tested Payload: + +# Proof Of Concept: + +# 1 - Login the dashboard +# 2 - Go to /admin/admin-profile.php +# 3 - set admin name with payload +# 4 - xss fires \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 77fa2ada2..a909c6204 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -44393,3 +44393,4 @@ id,file,description,date,author,type,platform,port 50268,exploits/php/webapps/50268.txt,"WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)",1970-01-01,"Nikhil Kapoor",webapps,php, 50269,exploits/php/webapps/50269.py,"WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)",1970-01-01,"Mohin Paramasivam",webapps,php, 50270,exploits/php/webapps/50270.txt,"WordPress Plugin TablePress 1.14 - CSV Injection",1970-01-01,"Nikhil Kapoor",webapps,php, +50272,exploits/php/webapps/50272.txt,"Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)",1970-01-01,"Emre Aslan",webapps,php,