# Exploit Title: Online Birth Certificate System 1.0 Stored Cross-Site Scripting Vulnerability
# Date: 2020-02-21
# Exploit Author: Priyanka Samak
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
# Software: Online Birth Certificate System
# Version: 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to Stored XSS vulnerability. This
# Vulnerable script: http://localhost/obcs/user/fill-birthregform.php
# Vulnerable parameters: ‘Place of Birth’, ‘Full Name of Father’, ‘Permanent Address’, ‘Postal Address’
# Payload used:
# POC: When you view the details under the Manage Details tab
# You will see your Javascript code executes.

Thanks and Regards,
Priyanka Samak
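Stored XSS of this kind occurs when values saved from the registration form are written back into the details page without HTML output encoding. The PHP below is an added example, not the application's code and not from the advisory author: it renders the four listed fields once unencoded and once encoded. The array keys, function names and the sample row are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical column names mapped to the form labels named in the advisory.
const LABELS = [
    'place_of_birth'    => 'Place of Birth',
    'father_name'       => 'Full Name of Father',
    'permanent_address' => 'Permanent Address',
    'postal_address'    => 'Postal Address',
];

// Constructed sample row, as if read back from the database after a user
// submitted the form. The markup is harmless test input.
$row = [
    'place_of_birth'    => '<i>Pune</i>',
    'father_name'       => 'A. "Test" <b>Name</b>',
    'permanent_address' => '12 Main St & Co',
    'postal_address'    => "PO Box 7 'North'",
];

// Encode a stored value for an HTML text or quoted-attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the table rows for a details view. With $encode = false the stored
// value reaches the browser as markup (the vulnerable pattern); with
// $encode = true it is displayed as literal text.
function renderRows(array $row, bool $encode): string
{
    $html = '';
    foreach (LABELS as $key => $label) {
        $value = (string) ($row[$key] ?? '');
        $cell  = $encode ? e($value) : $value;
        $html .= '<tr><th>' . e($label) . '</th><td>' . $cell . "</td></tr>\n";
    }
    return $html;
}

echo "Unencoded (vulnerable pattern):\n", renderRows($row, false), "\n";
echo "Encoded at output (hardened):\n", renderRows($row, true);
```

Encoding belongs at the point of output in every view that displays these fields, since values already stored in the database stay unmodified.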