20 lines
No EOL
625 B
Text
20 lines
No EOL
625 B
Text
# Exploit Title: Queue Management System 4.0.0 - "Add User" Stored XSS
|
|
|
|
# Exploit Author: Kislay Kumar
|
|
# Date: 2020-12-21
|
|
# Google Dork: N/A
|
|
# Vendor Homepage: http://codekernel.net/
|
|
# Software Link: https://codecanyon.net/item/queue-management-system/22029961
|
|
# Affected Version: Version 4.0.0
|
|
# Patched Version: Unpatched
|
|
# Category: Web Application
|
|
# Tested on: Kali Linux
|
|
|
|
Step 1. Login as admin.
|
|
|
|
Step 2. Select "Users" from menu and click on "Add User .
|
|
|
|
Step 3. Insert payload - "><svg/onload=alert(1)> in "Firtst Name" , " Last
|
|
Name "and " Email ".
|
|
|
|
Step 4. Now open "User List " from menu and you will get alert box. |