Budget Management System 1.0 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 30th, 2021 📆 | 5036 Views ⚑

0

Budget Management System 1.0 Cross Site Scripting ≈ Packet Storm

# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS
# Exploit Author: Jitendra Kumar Tripathi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html
# Version: 1
# Tested on Windows 10 + Xampp 8.0.3

XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website

Vulnerable Parameters: Customer Details

*Steps to reproduce:*
Add Budget Title
Payload :
Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered.

Source link

Tagged with:



Leave a Reply