Exploit/Advisories
Published on July 9th, 2020 📆 | 7091 Views ⚑
0File Management System 1.1 Cross Site Scripting ≈ Packet Storm
# Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting
# Date: 2020-06-30
# Exploit Author: KeopssGroup0day,Inc
# Vendor Homepage: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Software Link: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Version: 0.1.0
# Tested on: Kali Linux
< ?php echo $fname; ?>
< ?php echo $admin; ?>
< ?php echo $pass; ?>
< ?php echo $status; ?>
data-target="#modalRegisterFormsss"> | href="delete_admin.php?id=< ?php echo htmlentities($rs['id']); ?>">class='far fa-trash-alt'>
# Date: 2020-06-30
# Exploit Author: KeopssGroup0day,Inc
# Vendor Homepage: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Software Link: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Version: 0.1.0
# Tested on: Kali Linux
Source code(view_admin.php.php):
< ?php
require_once("include/connection.php");
$query="SELECT * FROM admin_login";
$result=mysqli_query($conn,$query);
while($rs=mysqli_fetch_array($result)){
$id = $rs['id'];
$fname=$rs['name'];
$admin=$rs['admin_user'];
$pass=$rs['admin_password'];
$status=$rs['admin_status'];
?>
data-target="#modalRegisterFormsss"> | href="delete_admin.php?id=< ?php echo htmlentities($rs['id']); ?>">class='far fa-trash-alt'>
< ?php } ?>
POC:
1. http://192.168.1.58/Private_Dashboard/view_admin.php
2. Add admin click button
3. We write payload in the name section ()
4. And view admin click button
5. And our bad payload will be displayed
Gloss