bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/48905.txt
Offensive Security ae14b71248 DB: 2020-10-20 
16 changes to exploits/shellcodes

Tourism Management System 1.0 - Arbitrary File Upload
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
Online Discussion Forum Site 1.0 - XSS in Messaging System
Online Job Portal 1.0 - Cross Site Scripting (Stored)
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
HiSilicon Video Encoders - RCE via unauthenticated command injection
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
HiSilicon Video Encoders - Full admin access via backdoor password
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
Textpattern CMS 4.6.2 - Cross-site Request Forgery
2020-10-20 05:02:13 +00:00

39 lines
No EOL
1 KiB
Text
Raw Blame History

# Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via
Guardian Name, Guardian Relation, Guardian Contact no, Address, City
# Google Dork: N/A
# Date: 2020-10-08
# Exploit Author: Kokn3t
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/hostel-management-system
# Version: V 2.1
# Tested on: Windows 10, Kali 2020.1
# CVE : CVE-2020-25270
######## Attack Vector ########
Install Hostel Management System V 2.1
1) User Module
Login as user and go to "Book Hostel"
(http:/localhost/hostel/book-hostel.php) and start booking.
Add malicious script in these fields - "<script>alert('XSS');</script>"
i. Guardian Name
ii. Guardian Relation
iii.Guardian Contact no
iv. Address
vi. City
After that will get a prompt "Student Successfully register" and after
pressing "See All", XSS will be triggered.
2) Admin Module
Login in as Admin and go to "Management Students", and "View Full details"
of booked student's record, XSS will be triggered also.
Reference in a new issue View git blame Copy permalink