1d95e0bd8b
16 changes to exploits/shellcodes Nxlog Community Edition 2.10.2150 - DoS (Poc) Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated) Linksys RE6500 1.0.11.001 - Unauthenticated RCE Content Management System 1.0 - 'First Name' Stored XSS Content Management System 1.0 - 'email' SQL Injection Content Management System 1.0 - 'id' SQL Injection Medical Center Portal Management System 1.0 - 'id' SQL Injection Customer Support System 1.0 - _First Name_ & _Last Name_ Stored XSS Customer Support System 1.0 - 'id' SQL Injection Online Tours & Travels Management System 1.0 - _id_ SQL Injection Interview Management System 1.0 - Stored XSS in Add New Question Interview Management System 1.0 - 'id' SQL Injection Employee Record System 1.0 - Multiple Stored XSS PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting) Victor CMS 1.0 - Multiple SQL Injection (Authenticated)
22 lines
No EOL
935 B
Text
22 lines
No EOL
935 B
Text
# Exploit Title: Interview Management System 1.0 - Stored XSS in Add New Question
|
|
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)
|
|
# Date: 2020-12-09
|
|
# Google Dork: N/A
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/14585/interview-management-system-phpmysqli-full-source-code.html
|
|
# Software Link: https://www.sourcecodester.com/download-code?nid=14585&title=Interview+Management+System+in+PHP%2FMySQLi+with+Full+Source+Codee
|
|
# Affected Version: Version 1
|
|
# Patched Version: Unpatched
|
|
# Category: Web Application
|
|
# Tested on: Parrot OS
|
|
|
|
Step 1: Log in to the application with any valid user credentials.
|
|
|
|
Step 2: Click on Add New Question Page.
|
|
|
|
Step 3: input "<script>alert(document.cookie)</script>" in the new question
|
|
field and select add new question.
|
|
|
|
Step 4: Once you have an XSS payload as a question in add new question
|
|
page, click on View Questions Page.
|
|
|
|
Step 5: This will trigger the XSS payload. |