Complaint Management System 4.2 persistent cross-site scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2020-04-23
Type : webapps
Platform : php
This exploit / vulnerability, Complaint Management System 4.2 persistent cross-site scripting, is for educational purposes only; if you use it, you do so at your own risk!
1- Vulnerable code is here: http://localhost/cms/users/registration.php
2- Vulnerable code:
The user registration information is inserted into the DB without any filtering.
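<?php
// Registration form handler. $con is the mysqli connection (defined outside this excerpt).
if(isset($_POST['submit']))
{
    // Request values are taken as-is: no validation, escaping or encoding
    $fullname=$_POST['fullname'];
    $email=$_POST['email'];
    $password=md5($_POST['password']);
    $contactno=$_POST['contactno'];
    $status=1;
    // The values are interpolated directly into the INSERT statement
    $query=mysqli_query($con,"insert into
        users(fullName,userEmail,password,contactNo,status)
        values('$fullname','$email','$password','$contactno','$status')");
    $msg="Registration successfull. Now You can login !";
}
?>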
3- In the admin dashboard:
fullName is read from the DB and printed without any filtering, so markup stored at registration is rendered as HTML in the administrator's browser.
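
A hardened counterpart of steps 2 and 3, as an added example that is not the application's own code: the insert uses bound parameters and the dashboard output is HTML-encoded. The function names are hypothetical, an in-memory SQLite database (PDO) stands in for the application's MySQL connection, and the example is narrowed to the fullName, userEmail and contactNo columns.

```php
<?php
// Added example, not from the application. Helper names are hypothetical;
// in-memory SQLite via PDO stands in for the MySQL connection so the
// script runs offline (assumes the pdo_sqlite extension is enabled).

function register_user(PDO $db, array $post): bool
{
    $fullname  = trim((string)($post['fullname'] ?? ''));
    $email     = trim((string)($post['email'] ?? ''));
    $contactno = trim((string)($post['contactno'] ?? ''));

    // Input validation narrows what can be stored, but is not the XSS fix.
    if ($fullname === '' || strlen($fullname) > 100) return false;
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return false;
    if (!preg_match('/^\+?[0-9]{6,15}$/', $contactno)) return false;

    // Bound parameters keep request data out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO users (fullName, userEmail, contactNo, status) VALUES (?, ?, ?, 1)'
    );
    return $stmt->execute([$fullname, $email, $contactno]);
}

// Encode at output time, for the HTML context the value is written into.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_user_rows(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT fullName, userEmail, contactNo FROM users') as $row) {
        $html .= '<tr><td>' . h($row['fullName']) . '</td><td>' . h($row['userEmail'])
               . '</td><td>' . h($row['contactNo']) . "</td></tr>\n";
    }
    return $html;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (fullName TEXT, userEmail TEXT, contactNo TEXT, status INTEGER)');

// Constructed sample input: a name that contains markup and quotes.
register_user($db, ['fullname' => '<b>Test</b> "User"', 'email' => 'test@example.com',
                    'contactno' => '5550100000']);

echo render_user_rows($db);
```

The encoding in h() is what closes the persistent XSS: the stored name is kept unchanged in the database and is written to the dashboard as text rather than as markup.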