Regis Inventory And Monitoring System 1.0 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 27th, 2021 📆 | 4254 Views ⚑

0

Regis Inventory And Monitoring System 1.0 Cross Site Scripting ≈ Packet Storm

# Title: Regis Inventory And Monitoring System 1.0 – ‘Item List’ Stored XSS
# Exploit Author: George Tsimpidas
# Date: 2021-03-25
# Vendor Homepage: www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regis_inventory.zip
# Version : 1.0.0
# Tested on: Kali Linux 2020.4
# Category: Webapp

# Description

Regis Inventory And Monitoring System, suffers from a stored cross site scripting on Item’s List Category

#PoC

1. Login as admin : http://localhost/regis_inventory/index.php
2. Visit : http://localhost/regis_inventory/item.php
3. Click add a New Item and input your payload on “Generic Name” textbox.

Payload :

4. After inputting the Item values and submitting the form, it will trigger an XSS pop-up

Source link

Tagged with:



Leave a Reply