[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Resumes Management And Job Application Website 1.0 Cross Site Scripting Vulnerability

Author
Saswat Subhajyoti Mallick
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-35600
Category
web applications
Date add
04-01-2021
Platform
php
# Exploit Title: Multiple Stored XSS in
Resumes-management-and-job-application-website
# Exploit Author: Saswat Subhajyoti Mallick
# Vendor Homepage: https://egavilanmedia.com/
# Software Link:
https://egavilanmedia.com/resumes-management-and-job-application-website/
# Version: 1.0
# Tested on: windows 10/wamp

Attacker can put stored xss and gain admin access unauthenticated .
For stored XSS poc

simply put <script>alert(1)</script> in first name,last name and
address field while applying for resume.

Stored XSS will be activated the moment admin user logs in.

#  0day.today [2024-11-16]  #