Zoo Management System 1.0 - Stored Cross-Site-Scripting (XSS)

angelopioamirante/CVE-2022-33075

CVE-2022-33075

Exploit Title: Zoo Management System 1.0 - Stored Cross-Site-Scripting (XSS)

Date: 05/26/2022

Exploit Author: Angelo Pio Amirante

Version: 1.0

Tested on: Server: XAMPP

CVE: 2022-33075

Description:

Zoo Management System 1.0 is vulnerable to stored cross-site scripting (XSS) in the “Add Classification” functionality of the admin panel.

Exploit:

  1. Go to http://localhost/admin/public_html/admin_login and log in with the provided credentials
  2. Go to http://localhost/admin/public_html/save_classification
  3. The “Classification Display Name” and “Classification Table Name” fields are both vulnerable, so you can put <script>alert("xss")</script> in either of them
  4. Go to http://localhost/admin/public_html/view_classifications
  5. The stored XSS payload fires
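
The root cause behind the steps above is that the two classification fields are stored and later written into the listing page without output encoding. The following is an added example of the unsafe rendering pattern beside a hardened one; it is not code from Zoo Management System, and it assumes a PHP application with hypothetical row keys `display_name` and `table_name`, hypothetical function names, and an assumed rule that a table name must be a plain identifier.

```php
<?php
// Added illustration; not code from Zoo Management System.
// Assumption: classifications are stored as rows with 'display_name' and
// 'table_name' keys (hypothetical names) and echoed into an HTML table.

// Encode a value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Unsafe pattern: stored values are concatenated into markup unchanged.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['display_name'] . '</td><td>' . $row['table_name'] . '</td></tr>';
}

// Hardened pattern: every stored value is encoded at output time.
function render_row_safe(array $row): string
{
    return '<tr><td>' . e($row['display_name']) . '</td><td>' . e($row['table_name']) . '</td></tr>';
}

// Defence in depth at save time (assumed rule): a table name is an identifier.
function is_valid_table_name(string $name): bool
{
    return preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $name) === 1;
}

// Constructed sample rows: one benign, one carrying the PoC string from step 3.
$rows = [
    ['display_name' => 'Mammals', 'table_name' => 'mammals'],
    ['display_name' => '<script>alert("xss")</script>',
     'table_name'   => '<script>alert("xss")</script>'],
];

foreach ($rows as $row) {
    echo 'unsafe: ', render_row_unsafe($row), PHP_EOL;
    echo 'safe:   ', render_row_safe($row), PHP_EOL;
    echo 'table name accepted at save: ',
        is_valid_table_name($row['table_name']) ? 'yes' : 'no', PHP_EOL;
}
```

Encoding at output is the control that closes the issue for both fields; the save-time check only narrows what can be stored and does not replace it.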

Image PoC:
