EgavilanMedia User Registration and Login System with Admin Panel version 1.0 suffers from a persistent cross site scripting vulnerability.
e070c95b3b4d46c523e747c6422ef8fd
# Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting
# Exploit Author: Soushikta Chowdhury
# Vendor Homepage: http://egavilanmedia.com
# Software Link: http://egavilanmedia.com/user-registration-and-login-system-with-admin-panel/
# Version: 1.0
# Tested on: Windows 10
# Contact: https://www.linkedin.com/in/soushikta-chowdhury/
Vulnerable Parameters: Full Name
Steps for reproduce:
1. Go to registration page
2. fill in the details & put <script>alert("soushikta")</script> payload in Full name.
3. Now goto Admin Panel. After entering go to Manage Users and go to the last page to check the newly added user. We could see that our payload gets executed.