Library Management System 3.0 Cross Site Scripting

Library Management System version 3.0 suffers from a persistent cross site scripting vulnerability.


MD5 | 158c116d00eec69c6ba9ab829568f511

# Exploit Title:  Library Management System 3.0 - "Add Category" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-22
# Google Dork: N/A
# Vendor Homepage: https://otsglobal.org/
# Software Link: https://codecanyon.net/item/library-management-system-22/16965307
# Affected Version: 3.0
# Patched Version: Unpatched
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Admin.

Step 2. Select "Book" from menu and select "Categories" from sub menu and
after that click on "Add Category".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Category Name"

Step 4. Now Click on "Save" , Go to "Category" and See last , there you
will get alert box.



Related Posts