Class Scheduling System 1.0 Cross Site Scripting

#222
Topic created · 1 Posts · 0 Views
  • Class Scheduling System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
    MD5 | 7de1e30b55f9502c394b3d3adf4f7ac3
    Download

    # Exploit Title:  Class Scheduling System 1.0 - Multiple Stored XSS  
    # Exploit Author: Aakash Madaan (Godsky)  
    # Date: 2020-12-22  
    # Vendor Homepage: https://www.sourcecodester.com/php/5175/class-scheduling-system.html  
    # Software Link: https://www.sourcecodester.com/download-code?nid=5175&title=Class+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code  
    # Affected Version: Version 1  
    # Category: Web Application  
    # Tested on: Parrot OS  
    [+] Step 1. Login to the application with admin credentials  
    [+] Step 2.1(a). Click on "Department" page.  {Uri :http(s)://<host>/admin/department.php}  
    Step 2.1(b). In the "Person Incharge" field, use XSS payload '"><script>alert("Department")</script>' as the name of new course and click on save.  
    [ Note : The XSS can also be triggered if we put the same payload in "Title" field ]  
    Step 2.1(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Department", your XSS Payloads will be triggered.  
    [+] Step 2.2(a). Click on "Subject" page.  {Uri :http(s)://<host>/admin/subject.php}  
    Step 2.2(b). In the "Subject Code" field, use XSS payload '"><script>alert("Subject")</script>' as the name of new course and click on save.  
    [ Note : The XSS can also be triggered if we put the same payload in "Title" field ]  
    Step 2.2(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Subject", your XSS Payloads will be triggered.  
    [+] Step 2.3(a). Click on "Course" page.  {Uri :  
    http(s)://<host>/admin/course.php}  
    Step 2.3(b). In the "Course Year" field, use XSS payload '"><script>alert("Course")</script>' as the name of new course and click on save.  
    [ Note : The XSS can also be triggered if we put the same payload in "Major" field ]  
    Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Course", your XSS Payloads will be triggered.  
    [+] Step 2.3(a). Click on "Record" page.  {Uri :http(s)://<host>/admin/record.php}  
    Step 2.3(b). In the "Name" field, use XSS payload '"><script>alert("Record")</script>' as the name of new course and click onsave.  
    [ Note : The XSS can also be triggered if we put the same payload in "Academic Rank" or "Designation" field ]  
    Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Record", your XSS Payloads will be triggered.  
    [+] Step 3. This should trigger the XSS payload and anytime you click on respective pages, your stored XSS payload will be triggered.  
    

    Source: packetstormsecurity.com

Log in to reply