
15 changes to exploits/shellcodes

Queue Management System 4.0.0 - _Add User_ Stored XSS
Spotweb 1.4.9 - 'search' SQL Injection
Academy-LMS 4.3 - Stored XSS
Spiceworks 7.5 - HTTP Header Injection
Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
SCO Openserver 5.0.7 - 'section' Reflected XSS
SCO Openserver 5.0.7 - 'outputform' Command Injection
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
Point of Sale System 1.0 - Multiple Stored XSS
Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
# Exploit Title: Point of Sale System 1.0 - Multiple Stored XSS
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)
# Date: 2020-12-18
# Vendor Homepage: https://www.sourcecodester.com/php/9620/point-sale-system-pos.html
# Software Link: https://www.sourcecodester.com/download-code?nid=9620&title=Point+of+Sale+System+%28POS%29+using+PHP+with+Source+Code
# Affected Version: Version 1
# Tested on: Parrot OS

Step 1. Login to the application with admin credentials

Step 2. Click on "Suppliers" in header and select "Add Supplier".

Step 3. Input "<script>alert("r0b0tG4nG")</script>" in all fields of the form.
Note: Stored XSS vulnerability can also be found "Customers Page" when you select "Add New Customer". Apply Same method above to execute Stored XSS.

Step 4. Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Suppliers Page", your XSS Payloads will be triggered.

Note: Stored XSS can also be triggered when you click on "Products Page" and select "Add New Product".
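Review bot: Step 3 says to fill "all fields of the form", and the two notes add the Customers and Products pages, but the entry never names the form fields or the pages that render the stored values without encoding. Listing the affected field names per form (Add Supplier, Add New Customer, Add New Product) would let a maintainer find each output site that needs HTML encoding and let a tester confirm a fix field by field. The header gives "Affected Version: Version 1" while the title says "1.0"; use one form. The first Note sits between Step 3 and Step 4 and interrupts the procedure, so both notes would read better together after Step 4. Every step also requires admin credentials (Step 1), which is worth stating as a precondition in the header since it bounds who can store the payload.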