Class Scheduling System 1.0 Cross Site Scripting

2020.12.29
Credit: Aakash Madaan
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Class Scheduling System 1.0 - Multiple Stored XSS # Exploit Author: Aakash Madaan (Godsky) # Date: 2020-12-22 # Vendor Homepage: https://www.sourcecodester.com/php/5175/class-scheduling-system.html # Software Link: https://www.sourcecodester.com/download-code?nid=5175&title=Class+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code # Affected Version: Version 1 # Category: Web Application # Tested on: Parrot OS [+] Step 1. Login to the application with admin credentials [+] Step 2.1(a). Click on "Department" page. {Uri :http(s)://<host>/admin/department.php} Step 2.1(b). In the "Person Incharge" field, use XSS payload '"><script>alert("Department")</script>' as the name of new course and click on save. [ Note : The XSS can also be triggered if we put the same payload in "Title" field ] Step 2.1(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Department", your XSS Payloads will be triggered. [+] Step 2.2(a). Click on "Subject" page. {Uri :http(s)://<host>/admin/subject.php} Step 2.2(b). In the "Subject Code" field, use XSS payload '"><script>alert("Subject")</script>' as the name of new course and click on save. [ Note : The XSS can also be triggered if we put the same payload in "Title" field ] Step 2.2(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Subject", your XSS Payloads will be triggered. [+] Step 2.3(a). Click on "Course" page. {Uri : http(s)://<host>/admin/course.php} Step 2.3(b). In the "Course Year" field, use XSS payload '"><script>alert("Course")</script>' as the name of new course and click on save. [ Note : The XSS can also be triggered if we put the same payload in "Major" field ] Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Course", your XSS Payloads will be triggered. [+] Step 2.3(a). Click on "Record" page. {Uri :http(s)://<host>/admin/record.php} Step 2.3(b). In the "Name" field, use XSS payload '"><script>alert("Record")</script>' as the name of new course and click onsave. [ Note : The XSS can also be triggered if we put the same payload in "Academic Rank" or "Designation" field ] Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Record", your XSS Payloads will be triggered. [+] Step 3. This should trigger the XSS payload and anytime you click on respective pages, your stored XSS payload will be triggered.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top