bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/47725.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

23 lines
No EOL
1.1 KiB
Text
Raw Blame History

# Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
# Date: 2019-11-29
# Exploit Author: Cemal Cihad ÇİFTÇİ
# Vendor Homepage: https://bigprof.com
# Software Link : https://bigprof.com/appgini/applications/online-inventory-manager
# Software : Online Inventory Manager
# Version : 3.2
# Vulernability Type : Cross-site Scripting
# Vulenrability : Stored XSS
# Tested on: Windows 10 Pro
# Stored XSS has been discovered in the Online Inventory Manager created by bigprof/AppGini
# editgroups section. In editgroups section
# (http://localhost/inventory/admin/pageEditGroup.php?groupID=1).
# Payload i used:
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>"
# POC: http://localhost/inventory/admin/pageViewGroups.php in this
# url you can edit the groups information with pressing onto the group name. After the edit page open
# you can enter your payload into the description field. After going back to
# the groups page you will see your Javascript code gonna run.
# This vulnerability is also exist while you are creating a new group.
Reference in a new issue View git blame Copy permalink