Search for hundreds of thousands of exploits

"File Management System 1.1 - Persistent Cross-Site Scripting"

Author

Exploit author

KeopssGroup0day_Inc

Platform

Exploit platform

php

Release date

Exploit published date

2020-07-06

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting
# Date: 2020-06-30
# Exploit Author: KeopssGroup0day,Inc
# Vendor Homepage:  https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Software Link:  https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1
# Version: 0.1.0
# Tested on: Kali Linux

Source code(view_admin.php.php):
<?php
require_once("include/connection.php");
$query="SELECT * FROM admin_login";
$result=mysqli_query($conn,$query);
while($rs=mysqli_fetch_array($result)){
$id =  $rs['id'];
$fname=$rs['name'];
$admin=$rs['admin_user'];
$pass=$rs['admin_password'];
$status=$rs['admin_status'];
?>
<tr>
  <td width='10%'><?php echo $fname; ?></td>
  <td align='center'><?php echo $admin; ?></td>
  <td align='center' width="20%"><?php echo $pass; ?></td>
  <td align='center'><?php echo $status; ?></td>
  <td align='center'><a href="#modalRegisterFormsss?id=<?php echo 
$id;?>">
  <i class="fas fa-user-edit" data-toggle="modal" 
data-target="#modalRegisterFormsss"></i> </a> | <a 
href="delete_admin.php?id=<?php echo htmlentities($rs['id']); ?>"><i 
class='far fa-trash-alt'></i></a></td>
</tr>
<?php  } ?>

POC:

1. http://192.168.1.58/Private_Dashboard/view_admin.php

2. Add admin click button

3. We write payload in the name section (<script>alert(1);</script>)

4. And view admin click button

5. And our bad payload will be displayed
Release DateTitleTypePlatformAuthor
2020-09-16"Piwigo 2.10.1 - Cross Site Scripting"webappsphpIridium
2020-09-15"Tailor MS 1.0 - Reflected Cross-Site Scripting"webappsphpboku
2020-09-15"ThinkAdmin 6 - Arbitrarily File Read"webappsphpHzllaga
2020-09-14"Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated)"webappsphp"Mehmet Kelepçe"
2020-09-10"CuteNews 2.1.2 - Remote Code Execution"webappsphp"Musyoka Ian"
2020-09-09"Tailor Management System - 'id' SQL Injection"webappsphpMosaaed
2020-09-07"grocy 2.7.1 - Persistent Cross-Site Scripting"webappsphp"Mufaddal Masalawala"
2020-09-03"BloodX CMS 1.0 - Authentication Bypass"webappsphpBKpatron
2020-09-03"Daily Tracker System 1.0 - Authentication Bypass"webappsphp"Adeeb Shah"
2020-09-03"SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)"webappsphpV1n1v131r4
Release DateTitleTypePlatformAuthor
2020-07-15"Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-15"Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass"webappsphpKeopssGroup0day_Inc
2020-07-06"File Management System 1.1 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-01"e-learning Php Script 0.1.0 - 'search' SQL Injection"webappsphpKeopssGroup0day_Inc
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48635/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.