
A reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest the keys pressed by an unauthenticated victim who clicks a malicious URL and then types.

boku7/tailorMS-rXSS-Keylogger

Exploit Title: Tailor MS v1.0 - Reflected XSS Key Logger

Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)

  • A reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest the keys pressed by an unauthenticated victim who clicks a malicious URL and then types.
  • OWASP Top Ten 2017: A7:2017-Cross-Site Scripting (XSS)
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Type 1: Reflected XSS
  • CWE-523: Unprotected Transport of Credentials
  • CVSS Base Score: 6.4
    • Impact Subscore: 4.7
    • Exploitability Subscore: 1.6
  • CVSS v3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Tested On: Windows 10 Pro + XAMPP | Python 2.7
