Advertisement






Task Management System 1.0 Cross Site Scripting

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120052

Below is a copy:

Task Management System 1.0 Cross Site Scripting
# Exploit Title: Task Management System 1.0 - 'First Name and Last Name' Stored XSS
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)
# Date: 2020-12-08
# Google Dork: N/A
# Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14615&title=Task+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Category: Web Application
# Tested on: Parrot OS

Step 1: Log in to the CMS with any valid user credentials.
Step 2: Click on the logged in username on header and select Manage Account.
Step 3: Rename the user First Name or Last Name to "
<script>alert(document.domain)</script> ".
Step 4: Update Profile and this will trigger the XSS.
Step 5: Logout and login again and the page will display the domain name.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum