/
CVE-7
57 lines (55 loc) · 1.81 KB
/
CVE-7
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
> [Suggested description]
> Code-Projects Exam Form Submission 1.0 is vulnerable to Cross Site
> Scripting (XSS). Exploit Title: Exam Form Submission In PHP With
> Source Code - XSS Cross Site Scripting Date: 02/09/2023 Exploit Author:
> Aaditya Singh Rajawat Vendor Homepage: https://code-projects.org/
> Software Link:
> https://code-projects.org/exam-form-submission-in-php-with-source-code/
> Tested On: Linux Steps to Reproduce - 1. Visit
> https://localhost/EXAM_FORM_SUBMISSION/ 2. Click on "Admin" 3. After
> clicking on "Admin" we'll redirect to the URL:
> https://localhost/EXAM_FORM_SUBMISSION/admin/index.php 4. Fill Admin ID
> and Password "hodCSE@bmsce.ac.in" "hodcs" 5. Then we'll redirect to the
> URL: https://localhost/EXAM_FORM_SUBMISSION/admin/dashboard.php 6.
> Click on "Manage Fastrack Subjects" 7. Click on Update 8. Use this
> payload: <script>alert(321)</script> 9. Use XSS payload (
> <script>alert(321)</script> ) and put the payload in the "Subject Name"
> and "Subject Code" Section 10. Then click on "Change Subject" 11. It
> reflected the value of 321.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> https://code-projects.org/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Exam Form Submission In PHP With Source Code - V1.0
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Reference]
> https://code-projects.org/
> https://code-projects.org/exam-form-submission-in-php-with-source-code/
>
> ------------------------------------------
>
> [Discoverer]
> Aaditya Singh Rajawat
Use CVE-2023-42308.