Exploit/Advisories
Published on September 27th, 2022 📆 | 1523 Views ⚑
0Online Birth Certificate Management System 1.0 Cross Site Scripting – Torchsec
# Exploit Title: Online Birth Certificate Management System - Stored Cross-Site Scripting (XSS)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0
Vulnerability Details
======================
Steps :
1) Log in to the application after register new user
Username: test
Password: 12345
2) Navigate to Birth Reg Form and Click on Add Details.
3) add full name payload =>
4) and all field enter payload only Contact Number enter number
Gloss