Vendor: CRUD Operation
By: Arnav Tripathy
CVSS: 8.8 (HIGH)
Vulnerability: Stored XSS
CWE: 79
Product Name: CRUD Operation
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:egavilanmedia:crud_operation:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux/LAMP
Year: 2021

CRUD Operation 1.0 – Multiple Stored XSS

When a user clicks on the 'add new record' button, they can enter malicious JavaScript code into the parameters. When the record is added, the malicious code will be stored in the database and will be executed when the page is refreshed.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the database.
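
One way to apply this mitigation in PHP, the application's language. This is an added example, not code from the vendor or from the report: the field names, validation rules and helper names are assumptions. It goes one step beyond the text by also encoding on output, so rows already stored in the database render as inert text.

```php
<?php
// Hypothetical field rules; the application's real column names and
// limits are not shown in this report.
const FIELD_RULES = [
    'name'  => '/^[\p{L}\p{M} .\'-]{1,100}\z/u',
    'phone' => '/^\+?[0-9 ()-]{5,20}\z/',
];

/** Validate a submitted record. Returns [accepted values, rejected field names]. */
function validate_record(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (['name', 'phone', 'email'] as $field) {
        // Non-string input (e.g. name[]=x) is treated as empty and rejected.
        $value = is_string($input[$field] ?? null) ? trim($input[$field]) : '';
        $ok = $field === 'email'
            ? filter_var($value, FILTER_VALIDATE_EMAIL) !== false
            : preg_match(FIELD_RULES[$field], $value) === 1;
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

/** Encode a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one table row, encoding every column at output time. */
function render_row(array $row): string
{
    $cells = array_map(fn($v) => '<td>' . e((string) $v) . '</td>', $row);
    return '<tr>' . implode('', $cells) . "</tr>\n";
}

// Constructed sample: the probe string from the report in one field.
$submitted = ['name' => '<script>alert(1)</script>', 'phone' => '555 0100', 'email' => 'a@example.com'];
[$clean, $errors] = validate_record($submitted);
echo 'rejected: ' . implode(', ', $errors) . "\n";
// A row stored before validation existed still renders as inert text.
echo render_row($submitted);
```

Only records with an empty rejected list should reach the INSERT, and that INSERT should use a prepared statement.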

Exploit-DB raw data:

# Exploit Title: CRUD Operation 1.0 - Multiple Stored XSS
# Date: 4/1/2021
# Exploit Author: Arnav Tripathy
# Vendor Homepage: https://egavilanmedia.com
# Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/
# Version: 1.0
# Tested on: linux / Lamp

Click on add new record. Simply put <script>alert(1)</script> and so on in all parameters. A pop-up should come up the moment you add the record. If not, simply refresh the page; it should come up.