# Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting
# Date: 2020-06-30
# Exploit Author: KeopssGroup0day,Inc
# Vendor Homepage: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Software Link: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Version: 0.1.0
# Tested on: Kali Linux
Source code(view_admin.php.php):
|
|
|
|
| |
POC:
1. http://192.168.1.58/Private_Dashboard/view_admin.php
2. Add admin click button
3. We write payload in the name section ()
4. And view admin click button
5. And our bad payload will be displayed