Teachers Record Management System 1.0 - 'Reflected' Cross Site Scripting (xss) in Search Options

2021.07.15
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Teachers Record Management System 1.0 - 'Reflected' Cross Site Scripting (xss) in Search Options
# Date: 10 July 2021
# Exploit Author: Subhadip Nag (mrl0s3r)
# Author Linkedin: www.linkedin.com/in/subhadip-nag-09/
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/
# Tested on: Server: XAMPP

# Description #

Teachers Record Management System 1.0 - 'Reflected' Cross Site Scripting (xss) in Search Options. Showing us all teacher details.

# Proof of Concept (PoC) : Exploit #

1) Go to: http://localhost/TRMSP/trms/
2) In the search option, enter the payload: <script>alert('XSS')</script>
3) Our XSS attack is successful
4) Go to: http://localhost/TRMSP/trms/admin/index.php
5) Log in as an admin with the given credentials: admin | Test@123
6) Go to: http://localhost/TRMSP/trms/admin/search.php
7) In the 'search by name or Subject' field, enter the payload: <script>alert(1)</script>
8) Our XSS attack is successful

# PoC image

1) https://ibb.co/Vxf7Cxy
2) https://ibb.co/t3GG3Zp
3) https://ibb.co/Vxf7Cxy
4) https://ibb.co/x7mMRnk
5) https://ibb.co/NNm7tNP
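The fix for a reflected search term is output encoding at the point where the term is written back into the page. The sketch below is an added example, not code from the application or its vendor: the function names and heading markup are hypothetical, and it contrasts the unencoded echo with an encoded one plus an allow-list check on the search term.

```php
<?php
// Added illustration, not TRMS source code. The function names and the
// heading markup are hypothetical; sample inputs below are constructed.
declare(strict_types=1);

// Vulnerable pattern: the search term is copied into the HTML response as-is.
function render_heading_unsafe(string $term): string
{
    return '<h4>Results for "' . $term . '"</h4>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes single and double quotes, covering attribute values.
function render_heading_safe(string $term): string
{
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h4>Results for "' . $encoded . '"</h4>';
}

// Defence in depth: a name/subject search only needs a short run of
// letters, digits, spaces and a little punctuation. Returns null on reject.
function normalize_term(string $raw): ?string
{
    $term = trim($raw);
    if ($term === '' || strlen($term) > 64) {
        return null;
    }
    return preg_match("/^[\\p{L}\\p{N} .'-]+$/u", $term) === 1 ? $term : null;
}

$samples = [
    "<script>alert('XSS')</script>", // payload quoted in the PoC steps
    "O'Brien",                        // constructed benign search term
];

foreach ($samples as $raw) {
    echo "input:   ", $raw, PHP_EOL;
    echo "unsafe:  ", render_heading_unsafe($raw), PHP_EOL;
    echo "encoded: ", render_heading_safe($raw), PHP_EOL;
    echo "allowed: ", normalize_term($raw) === null ? "rejected" : "accepted", PHP_EOL, PHP_EOL;
}
```

Encoding is the control that closes the issue; the allow-list only narrows what reaches the query and must not replace encoding, since legitimate names such as O'Brien contain characters that still need escaping on output.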

