Zoo management system 1.0 multiple persistent crosssitescripting (xss) Vulnerability / Exploit

/ / /

Exploits / Vulnerability Discovered : 2021-07-09 | Type : webapps | Platform : php
This exploit / vulnerability Zoo management system 1.0 multiple persistent crosssitescripting (xss) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)
# Date: 08/07/2021
# Exploit Author: Subhadip Nag
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Server: XAMPP

# Description #

Zoo Management System 1.0 is vulnerable to 'Multiple' stored cross site scripting because of insufficient user supplied data.

# Proof of Concept (PoC) : Exploit #

1) Goto: http://localhost/ZMSP/zms/admin/index.php and Login(given User & password)
2) Goto: http://localhost/ZMSP/zms/admin/add-animals.php
3) Fill out Animal name, Breed and Description with given payload: <script>alert(1)</script>
4) Goto: http://localhost/ZMSP/zms/admin/manage-animals.php
5) Stored XSS payload is fired

6) Goto: http://localhost/ZMSP/zms/admin/manage-ticket.php
7) Edit any Action field with the following payload: <script>alert(1)</script> and Update
8) Go back and again click 'Manage Type Ticket'
9) Stored XSS payload is fired

10) Goto: http://localhost/ZMSP/zms/admin/aboutus.php
11) In the Page 'Title' & 'Description',Enter the Payload: <script>alert(1)</script> and Click Update

12) Goto: http://localhost/ZMSP/zms/admin/contactus.php
13) Put the Same Payload in the Page 'Title' & 'Description' and Click Update
14) Logout and click 'Back Home'
15) Our XSS payload successful

# Image PoC : Reference Image #

1) https://ibb.co/g4hFQDV
2) https://ibb.co/frbpf9c
3) https://ibb.co/NtKrc9C
4) https://ibb.co/cFGWhCz
4) https://ibb.co/CMXmN4f
5) https://ibb.co/C0dV0PC
6) https://ibb.co/4ZW8tb3
7) https://ibb.co/3zgFq9b
8) https://ibb.co/wS8wXj8