CVE-2022-3518/POC
# Exploit Title: Sanitization Management System 1.0: Stored XSS
# Exploit Author: Lohith Velagapudi
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html
# Version: v1.0
# Tested on: Parrot GNU/Linux 4.10, Apache
# CVE: CVE-2022-3518

Description:-
A stored XSS issue in Sanitization Management System 1.0 allows arbitrary JavaScript to be injected through the First Name, Middle Name and Last Name fields of the user account creation form.

Payload used:-
<script>confirm(1)</script>

Parameter:-
First Name
Middle Name
Last Name

Steps to reproduce:-
1. First, go to the admin login.
2. From there, go to "User creation" and fill out the details.
3. Put the payload in First Name, Middle Name and Last Name.
Payload: <script>confirm(1)</script>
4. When the account is created, the payload is executed.
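
Mitigation sketch, as an added example that is not part of the original PoC and is not the application's own code: the unescaped rendering pattern that lets the stored name fields execute, beside an output-encoded version and an input check at account creation. The array keys, function names and table-cell markup are assumptions, and the sample row is constructed from the payload above.

```php
<?php
// Added example: hypothetical rendering code, not taken from the application.

// Constructed sample row, as it would be read back from storage after
// step 3 of the reproduction (the payload is stored verbatim).
$user = [
    'firstname'  => '<script>confirm(1)</script>',
    'middlename' => '<script>confirm(1)</script>',
    'lastname'   => '<script>confirm(1)</script>',
];

// Vulnerable pattern: stored values are concatenated into HTML unescaped,
// so the browser parses the stored <script> element and runs it.
function render_name_unsafe(array $u): string
{
    return '<td>' . $u['firstname'] . ' ' . $u['middlename'] . ' ' . $u['lastname'] . '</td>';
}

// Hardened pattern: encode every stored value on output for the HTML context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_name_safe(array $u): string
{
    return '<td>' . e($u['firstname']) . ' ' . e($u['middlename']) . ' ' . e($u['lastname']) . '</td>';
}

// Defence in depth at account creation: accept only letters, combining marks,
// spaces, apostrophes, hyphens and dots, 1 to 64 characters.
function validate_name(string $value): bool
{
    return preg_match('/^[\p{L}\p{M} .\'\-]{1,64}$/u', $value) === 1;
}

echo render_name_unsafe($user), PHP_EOL; // markup reaches the page intact
echo render_name_safe($user), PHP_EOL;   // markup is emitted as &lt;script&gt;... text
foreach (['firstname', 'middlename', 'lastname'] as $field) {
    echo $field, ': ', validate_name($user[$field]) ? 'accepted' : 'rejected', PHP_EOL;
}
```

Output encoding is the primary fix because it also neutralises values already stored; the input check only stops new records.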