School College Portal with ERP Script 2.6.1 – Stored XSS


Date: 23.02.2018
Exploit Author:CK01
Version:2.6.1

Proof of Concept:

0x00 Use the student landing website (Demo)
  

  0x01 User (Merry Daniel) Send a message to Administrator (PHPScripts Mall) (xss payload)

0x02 Administrator (PHPScripts Mall) View User (Merry Daniel) News, Successfully Triggered xss Vulnerability









评论

发表评论

此博客中的热门博文

Opencart-v3-0-3-0 user changes password at csrf vulnerability

Integer overflow vulnerability in pycryptodome module

Charles 4.2.7 XML External Entity