3aeb1a0d81
12 changes to exploits/shellcodes 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH) Victor CMS 1.0 - File Upload To RCE Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated) CSE Bookstore 1.0 - Multiple SQL Injection Library Management System 3.0 - _Add Category_ Stored XSS Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit) Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit) Artworks Gallery Management System 1.0 - 'id' SQL Injection Faculty Evaluation System 1.0 - Stored XSS TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
20 lines
No EOL
697 B
Text
20 lines
No EOL
697 B
Text
# Exploit Title: Library Management System 3.0 - "Add Category" Stored XSS
|
|
# Exploit Author: Kislay Kumar
|
|
# Date: 2020-12-22
|
|
# Google Dork: N/A
|
|
# Vendor Homepage: https://otsglobal.org/
|
|
# Software Link: https://codecanyon.net/item/library-management-system-22/16965307
|
|
# Affected Version: 3.0
|
|
# Patched Version: Unpatched
|
|
# Category: Web Application
|
|
# Tested on: Kali Linux
|
|
|
|
Step 1. Login as Admin.
|
|
|
|
Step 2. Select "Book" from menu and select "Categories" from sub menu and
|
|
after that click on "Add Category".
|
|
|
|
Step 3. Insert payload - "><img src onerror=alert(1)> in "Category Name"
|
|
|
|
Step 4. Now Click on "Save" , Go to "Category" and See last , there you
|
|
will get alert box. |