3aeb1a0d81
12 changes to exploits/shellcodes 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH) Victor CMS 1.0 - File Upload To RCE Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated) CSE Bookstore 1.0 - Multiple SQL Injection Library Management System 3.0 - _Add Category_ Stored XSS Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit) Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit) Artworks Gallery Management System 1.0 - 'id' SQL Injection Faculty Evaluation System 1.0 - Stored XSS TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
18 lines
No EOL
721 B
Text
18 lines
No EOL
721 B
Text
# Exploit Title: Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
|
|
# Exploit Author: Kislay Kumar
|
|
# Date: 2020-12-21
|
|
# Google Dork: N/A
|
|
# Vendor Homepage: https://www.ramomcoder.com/
|
|
# Software Link: https://codecanyon.net/item/ramom-multi-branch-school-management-system/25182324
|
|
# Affected Version: 3.5
|
|
# Category: Web Application
|
|
# Tested on: Kali Linux
|
|
|
|
Step 1. Login as Super Admin.
|
|
|
|
Step 2. Select "Branch" from menu and after that click on "Create Branch".
|
|
|
|
Step 3. Insert payload - "><img src onerror=alert(1)> in "Branch Name" ,
|
|
"School Name" , "Mobile No." , "Currency" , "Symbol" , "City" and "State".
|
|
|
|
Step 4. Now Click on "Save" and you will get a list of alert boxes. |