Loan Management System 1.0 Cross Site Scripting
- Loan Management System 1.0 Cross Site Scripting
- Posted Jul 28, 2022
- Authored by saitamang
- Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
- SHA-256 |
44b807c10851b4db74cc02ac40db2bbe66fd7376b59011a5c95ab7a8d9bd232b - Download | Favorite | View
# Exploit Title: Loan Management System - Stored XSS on several parameters
# Date: 28/07/2022
# Exploit Author: saitamang
# Vendor Homepage: sourcecodester
# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip
# Version: 1.0
# Tested on: Centos 7 apache2 + MySQLThere are several functions and parameter affected as below:
addUser.php
– firstname
– lastname
save_ltype.php
– ltype_name
– ltype_desc
save_borrower.php
– firstname
– middlename
– lastname
– address
The payload use to inject is “/><svg/onload=alert(document.cookie)>