Jewelry Shop Management System - Multiple XSS

2023.12.10

Credit: Eren Arslan

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Title : Jewelry Shop Management System - Multiple XSS
# Author : @Eawhitehat - Eren Arslan
# Demo available : https://www.sourcecodester.com/php/15426/jewelry-shop-management-system-php-using-codeigniter-free-source-code.html
# CVE: N/A
# Screenshot : https://prnt.sc/K5qLLCel2J2j

Used Payload :
"><script>(/eawhitehat is here/)</script>

Admin account : 
Email: ndevierte@gmail.com
Password: nurhodelta

Method :
Connect to panel : http://localhost/app/

#Vulnerabîlity
After login with 
1. Go to your profile by clicking on your account in the upper right corner
2. Click on "Profile".
3. Edit your information on the first category
4. Enter the payload "><script>(/Hey Hoy/)</script>
5. Save and the payload will be loaded

Enjoy !

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Jewelry Shop Management System - Multiple XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.