Responsive E-Learning System version 1.0 suffers from a persistent cross site scripting vulnerability.
0edd9eacab7dc088ea519d8be32fdace
# Exploit Title: Responsive E-Learning System 1.0 – Stored Cross Site Scripting
# Date: 2020-12-24
# Exploit Author: Kshitiz Raj(manitorpotterk)
# Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=5172&title=Responsive+E-Learning+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows 10/Kali Linux
Step 1- Go to url http://localhost/elearning/admin/index.php
Step 2 – Login as admin.
Step 3 – Go to http://localhost/elearning/admin/course.php
Step 4 – click on Edit course (any course)
Step 5 – Enter *Course Year And Section:* as <script>alert()</script> and fill the other values.
Step 6 – Click Save
XSS popup will be triggered.