header-logo
Suggest Exploit
vendor:
Library Management System
by:
Kislay Kumar
7.5
CVSS
HIGH
Stored XSS
79
CWE
Product Name: Library Management System
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:otsglobal:library_management_system:3.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2020

Library Management System 3.0 – ‘Add Category’ Stored XSS

Login as Admin, select 'Book' from menu and select 'Categories' from sub menu and after that click on 'Add Category'. Insert payload - '><img src onerror=alert(1)> in 'Category Name'. Now click on 'Save', go to 'Category' and see last, there you will get alert box.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title:  Library Management System 3.0 - "Add Category" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-22
# Google Dork: N/A
# Vendor Homepage: https://otsglobal.org/
# Software Link: https://codecanyon.net/item/library-management-system-22/16965307
# Affected Version: 3.0
# Patched Version: Unpatched
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Admin.

Step 2. Select "Book" from menu and select "Categories" from sub menu and
after that click on "Add Category".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Category Name"

Step 4. Now  Click on "Save" , Go to "Category" and See last , there you
will get alert box.

Navigation

Suggest Exploit

Services By CQR