
Published on January 27th, 2021

Daily Expense Tracker System 1.0 Cross Site Scripting – Torchsec



# Exploit Title: Daily Expense Tracker System Stored Cross-Site Scripting Vulnerability
# Date: 2021-01-26
# Exploit Author: Priyanka Samak
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/daily-expense-tracker-using-php-and-mysql/
# Software: Daily Expense Tracker System
# Version: 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to stored XSS.
# Vulnerable script:
# 1) http://localhost/dets/user-profile.php
# 2) http://localhost/dets/add-expense.php
# Vulnerable parameters: 'Full Name' and 'Item'
# Payload used:
# POC: When you view the details under the Manage Expense tab and the User Profile tab,
# you will see your JavaScript code execute.

Thanks and Regards, Priyanka Samak
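The defect the advisory describes is a stored value (the profile's Full Name, an expense's Item) written back into HTML without escaping, so whatever markup a user saved is rendered in every page that displays that field. The PHP below is an added illustration, not the Daily Expense Tracker's own code: the field names, array shape and function names are assumptions chosen for the example. It shows the unsafe output pattern beside the hardened one, where the value is escaped with htmlspecialchars() at the point it is emitted.

```php
<?php
// Added illustration (not the Daily Expense Tracker's own code): the
// unsafe output pattern the advisory describes, beside the hardened form.
// The keys 'full_name', 'item', 'cost' and the function names are
// assumptions chosen for this example, not identifiers from the application.

declare(strict_types=1);

/** Escape a stored value for placement in an HTML text node or quoted attribute. */
function h(?string $value): string
{
    // ENT_QUOTES escapes both ' and " so the result is safe inside quoted
    // attributes as well as in element bodies; ENT_SUBSTITUTE replaces
    // malformed UTF-8 instead of silently returning an empty string.
    return htmlspecialchars(
        (string) $value,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
}

/** Vulnerable pattern: the stored field is echoed verbatim into the page. */
function renderProfileUnsafe(array $row): string
{
    return '<td>' . $row['full_name'] . '</td>';
}

/** Hardened pattern: the same field is escaped at the point of output. */
function renderProfileSafe(array $row): string
{
    return '<td>' . h($row['full_name']) . '</td>';
}

/** The expense list ("Item" column) needs the same treatment on every column. */
function renderExpenseRowSafe(array $row): string
{
    return '<tr><td>' . h($row['item']) . '</td><td>' . h($row['cost']) . '</td></tr>';
}

// Constructed sample rows standing in for what the application reads back
// from its database after a user has submitted the profile and expense forms.
$profile = ['full_name' => "O'Brien <b>bold</b>"];
$expense = ['item' => 'Lunch & "coffee"', 'cost' => '12.50'];

// Unsafe output passes the saved markup straight through to the browser.
echo renderProfileUnsafe($profile), PHP_EOL;
// Hardened output renders the same characters as literal text.
echo renderProfileSafe($profile), PHP_EOL;
echo renderExpenseRowSafe($expense), PHP_EOL;
```

Escaping belongs on the output side, with flags that match the context the value lands in (here an HTML element body or quoted attribute). Filtering the input form alone is brittle because one stored value is rendered in more than one view, which is why both the Manage Expense and User Profile pages are affected here. A Content-Security-Policy header that disallows inline script is a useful second layer, but it does not replace output encoding.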

