4e246a01fb
18 changes to exploits/shellcodes/ghdb
DLINK DPH-400SE - Exposure of Sensitive Information
FileMage Gateway 1.10.9 - Local File Inclusion
Academy LMS 6.1 - Arbitrary File Upload
AdminLTE PiHole 5.18 - Broken Access Control
Blood Donor Management System v1.0 - Stored XSS
Bus Reservation System 1.1 - Multiple-SQLi
Credit Lite 1.5.4 - SQL Injection
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
Hyip Rio 2.1 - Arbitrary File Upload
Member Login Script 3.3 - Client-side desync
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow
Kingo ROOT 1.5.8 - Unquoted Service Path
NVClient v5.0 - Stack Buffer Overflow (DoS)
Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
20 lines
No EOL
651 B
Text
20 lines
No EOL
651 B
Text
# Exploit Title: Blood Donor Management System v1.0 - Stored XSS
|
|
# Application: Blood Donor Management System
|
|
# Version: v1.0
|
|
# Bugs: Stored XSS
|
|
# Technology: PHP
|
|
# Vendor Homepage: https://phpgurukul.com/
|
|
# Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/
|
|
# Date: 15.08.2023
|
|
# Author: Ehlullah Albayrak
|
|
# Tested on: Windows
|
|
|
|
|
|
#POC
|
|
========================================
|
|
1. Login to user account
|
|
2. Go to Profile
|
|
3. Change "State" input and add "<script>alert("xss")</script>" payload.
|
|
4. Go to http://localhost/blood/welcome page and search "O", XSS will be triggered.
|
|
|
|
#Payload: <script>alert("xss")</script> |