User Management System 2.0 Cross Site Scripting ↭
# Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
# Version: v2.0
# Tested on: Xampp
# Credit: İsmail BOZKURT
< ?php echo $cnt;?>
< ?php echo $row['fname'];?>
< ?php echo $row['lname'];?>
< ?php echo $row['email'];?>
< ?php echo $row['contactno'];?>
< ?php echo
$row['posting_date'];?>
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
# Version: v2.0
# Tested on: Xampp
# Credit: İsmail BOZKURT
------ Details:
1- Vulnerable code is here:
Insert user registration information to the DB without filtering.
if(isset($_POST['signup']))
{
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$email=$_POST['email'];
$password=$_POST['password'];
$contact=$_POST['contact'];
$enc_password=$password;
$msg=mysqli_query($con,"insert into
users(fname,lname,email,password,contactno)
values('$fname','$lname','$email','$enc_password','$contact')");
if($msg)
{
echo "";
}
}
2- In the admin dashboard:
Get fullName from DB and print it without any filtering
< ?php $ret=mysqli_query($con,"select * from users");
$cnt=1;
while($row=mysqli_fetch_array($ret))
{?>
$row['posting_date'];?>
4- If we insert value of the "fname" as "script>prompt(1)", we can
perform this attack as "Stored XSS"
Gloss