Class Scheduling System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
adbb192a182c5be01024e5377112931a76283874d7ee2370350f93a0aa3d9cd1# Exploit Title: Class Scheduling System 1.0 - Multiple Stored XSS
# Exploit Author: Aakash Madaan (Godsky)
# Date: 2020-12-22
# Vendor Homepage: https://www.sourcecodester.com/php/5175/class-scheduling-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=5175&title=Class+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Category: Web Application
# Tested on: Parrot OS
[+] Step 1. Login to the application with admin credentials
[+] Step 2.1(a). Click on "Department" page. {Uri :http(s)://<host>/admin/department.php}
Step 2.1(b). In the "Person Incharge" field, use XSS payload '"><script>alert("Department")</script>' as the name of new course and click on save.
[ Note : The XSS can also be triggered if we put the same payload in "Title" field ]
Step 2.1(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Department", your XSS Payloads will be triggered.
[+] Step 2.2(a). Click on "Subject" page. {Uri :http(s)://<host>/admin/subject.php}
Step 2.2(b). In the "Subject Code" field, use XSS payload '"><script>alert("Subject")</script>' as the name of new course and click on save.
[ Note : The XSS can also be triggered if we put the same payload in "Title" field ]
Step 2.2(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Subject", your XSS Payloads will be triggered.
[+] Step 2.3(a). Click on "Course" page. {Uri :
http(s)://<host>/admin/course.php}
Step 2.3(b). In the "Course Year" field, use XSS payload '"><script>alert("Course")</script>' as the name of new course and click on save.
[ Note : The XSS can also be triggered if we put the same payload in "Major" field ]
Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Course", your XSS Payloads will be triggered.
[+] Step 2.3(a). Click on "Record" page. {Uri :http(s)://<host>/admin/record.php}
Step 2.3(b). In the "Name" field, use XSS payload '"><script>alert("Record")</script>' as the name of new course and click onsave.
[ Note : The XSS can also be triggered if we put the same payload in "Academic Rank" or "Designation" field ]
Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Record", your XSS Payloads will be triggered.
[+] Step 3. This should trigger the XSS payload and anytime you click on respective pages, your stored XSS payload will be triggered.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed