EgavilanMedia PHPCRUD 1.0 Cross Site Scripting

EgavilanMedia PHPCRUD 1.0 Cross Site Scripting: Posted Jan 28, 2021; Authored by Mahendra Purbia; EgavilanMedia PHPCRUD version 1.0 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 698c586a1a7eeb7ff48dbd8ffc3ab17d4a04e04cb2345f871dc7e60b482e6822; Download | Favorite | View

EgavilanMedia PHPCRUD 1.0 Cross Site Scripting

# Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
# Exploit Author: Mahendra Purbia
# Vendor Homepage: http://egavilanmedia.com
# Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/
# Version: 1.0
# Tested on: Windows 10

Vulnerable Parameters: Full Name
Steps for reproduce:
 1. go to http://localhost/PHPCRUD/
 2. now click on "add new record" and fill the details (in first name name use :"><svg onload=alert(1)// )
 3. Now reload the page and you will see that our XSS payload executed . Its an Stored XSS.

Top Authors In Last 30 Days

Red Hat 230 files
Ubuntu 89 files
indoushka 77 files
Jasper Nota 25 files
Gentoo 22 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,553)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,689)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,482)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,736)
UNIX (9,435)
UnixWare (187)
Windows (6,671)
Other

EgavilanMedia PHPCRUD 1.0 Cross Site Scripting

EgavilanMedia PHPCRUD 1.0 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

EgavilanMedia PHPCRUD 1.0 Cross Site Scripting

Share This

EgavilanMedia PHPCRUD 1.0 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems