Online Birth Certificate System 1.0 Cross Site Scripting

Online Birth Certificate System version 1.0 suffers from a persistent cross site scripting vulnerability.


MD5 | d74f46d5ff00bd79b6623218f49f35b1

# Exploit Title: Online Birth Certificate System 1.0 Stored Cross-Site Scripting Vulnerability
# Date: 2020-02-21
# Exploit Author: Priyanka Samak
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
# Software: Online Birth Certificate System
# Version: 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to Stored XSS vulnerability. This


# Vulnerable script: http://localhost/obcs/user/fill-birthregform.php
# Vulnerable parameters: 'Place of Birth', 'Full Name of Father', 'Permanent Address', 'Postal Address'
# Payload used: <script>alert('document.cookie')</script>
# PoC: When you view the details under the Manage Details tab,
# you will see your JavaScript code execute.


Thanks and Regards, Priyanka Samak
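
The fix for the stored XSS described above is output encoding at the point where the saved fields are rendered. The following is an added example, not code from the application or from the advisory's author: the array keys, function names and table markup are hypothetical, and the record is constructed sample data using the four field labels and the payload given in the advisory.

```php
<?php
declare(strict_types=1);

// Constructed sample row standing in for one stored registration record.
// Array keys are hypothetical; the advisory names only the form labels.
$record = [
    'Place of Birth'      => "<script>alert('document.cookie')</script>",
    'Full Name of Father' => 'R. "Bob" O\'Neil',
    'Permanent Address'   => "12 Main St\nSpringfield",
    'Postal Address'      => 'PO Box 7 & Co.',
];

// "Before": the stored value is concatenated into the page as-is, so any
// markup saved through the form is parsed by the viewer's browser.
function render_row_unsafe(string $label, string $value): string
{
    return "<tr><th>$label</th><td>$value</td></tr>";
}

// Encode for an HTML text or quoted-attribute context. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// "After": every stored field is encoded at output time. nl2br() runs
// after encoding, so the <br> tags it adds are the only real markup.
function render_row_safe(string $label, string $value): string
{
    return '<tr><th>' . e($label) . '</th><td>' . nl2br(e($value), false) . '</td></tr>';
}

foreach ($record as $label => $value) {
    echo "unsafe: ", render_row_unsafe($label, $value), "\n";
    echo "safe:   ", render_row_safe($label, $value), "\n\n";
}
```

Encoding belongs on every page that displays these fields, since the stored value is rendered in a view separate from the form that accepted it.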

