Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Alumni Management System 1.0 Cross Site Scripting

Related Vulnerabilities: CVE-2020-28071  
Publish Date: 17 Dec 2020
Author: Valerio Alessandroni
Source 
                							

                # Exploit Title: Stored XSS on Alumni Management System 
# Date: 23/10/2020
# Exploit Author: Valerio Alessandroni
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-s ource-code.html
# Version: 1.0
# Tested on: ubuntu 18.04
# CVE : CVE-2020-28071
# Description:
An attacker after the admin authentication, can upload an image in the gallery, using a XSS payload in the description textarea called "about" and reach a stored XSS.
# Reproduction:
- Login as "admin"
- upload an image in the gallery area in the administration panel injecting Javascript code in the textarea called "about"
- The obtained XSS affects the administration panel (ex: http://127.0.0.1/admin/index.php?page=gallery) and
the public gallery (ex: http://127.0.0.1/index.php?page=gallery)
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started