Curfew epass management system 1.0 stored xss Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-01-07 | Type : webapps | Platform : php
This exploit / vulnerability Curfew epass management system 1.0 stored xss is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Curfew e-Pass Management System 1.0 - Stored XSS
# Date: 2/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Windows 10/Wamp

1) Log into the application
2) Click on pass then click add a pass
3) Put <script>alert(1)</script> in the Full name parameter , rest all fill whatever you want.
4) Now go to manage passes, view the pass you just created.
5) You'll get popup of alert

Curfew epass management system 1.0 stored xss


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Curfew epass management system 1.0 stored xss Vulnerability / Exploit