[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Faculty Evaluation System 1.0 - Stored XSS Vulnerability

Author
Vijay Sachdeva
Risk
[
Security Risk High
]
0day-ID
0day-ID-35554
Category
web applications
Date add
22-12-2020
Platform
php
# Exploit Title: Faculty Evaluation System 1.0 - Stored XSS
# Exploit Author: Vijay Sachdeva (pwnshell)
# Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14635&title=Faculty+Evaluation+System+using+PHP%2FMySQLi+with+Source+Code
# Tested on Kali Linux

Step 1: Log in to the application with admin credentials

Step 2: Click on Questionnaires, then click "Action" for any Academic Year
and then click manage.

Step 3. Input "<script>alert("pwnshell")</script>" in "Question" field of
the Question form.

Step 4. Click on "Save" when done and this will trigger the Stored XSS
payloads. Whenever you click on Questionnaires, click action for any
academic year, and then manage,  your XSS Payloads will be triggered for
that "Academic Year"

#  0day.today [2024-12-25]  #