Alumni management system 1.0 "course form" stored xss Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-12-18 | Type : webapps | Platform : php
This exploit / vulnerability Alumni management system 1.0 "course form" stored xss is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Alumni Management System 1.0 - "Course Form" Stored XSS
# Exploit Author: Aakash Madaan
# Date: 2020-12-10
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
# Affected Version: Version 1
# Tested on: Parrot OS


Step 1. Login to the application with admin credentials

Step 2. Click on the "Course List" page.

Step 3. In the "Course Form" field, use XSS payload
"<script>alert("course")</script>" as the name of new course and click on
save.

Step 4. This should trigger the XSS payload and anytime you click on the
"Course List" page, your stored XSS payload will be triggered.

Alumni management system 1.0 "course form" stored xss


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Alumni management system 1.0 "course form" stored xss Vulnerability / Exploit