82075ed5ca
10 changes to exploits/shellcodes jQuery UI 1.12.1 - Denial of Service (DoS) Metasploit Framework 6.0.11 - msfvenom APK template command injection fuelCMS 1.4.1 - Remote Code Execution fuel CMS 1.4.1 - Remote Code Execution (1) OpenEMR 5.0.1 - Remote Code Execution OpenEMR 5.0.1 - Remote Code Execution (1) EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated) OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2) Fuel CMS 1.4.1 - Remote Code Execution (2) Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
12 lines
No EOL
597 B
Text
12 lines
No EOL
597 B
Text
# Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
|
|
# Exploit Author: Mahendra Purbia
|
|
# Vendor Homepage: http://egavilanmedia.com
|
|
# Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/
|
|
# Version: 1.0
|
|
# Tested on: Windows 10
|
|
|
|
Vulnerable Parameters: Full Name
|
|
Steps for reproduce:
|
|
1. go to http://localhost/PHPCRUD/
|
|
2. now click on "add new record" and fill the details (in first name name use :"><svg onload=alert(1)// )
|
|
3. Now reload the page and you will see that our XSS payload executed . Its an Stored XSS. |