Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS

vendor:

Alumni Management System

by:

Siva Rajendran

7.5

CVSS

HIGH

Stored XSS

CWE

Product Name: Alumni Management System

Affected Version From: Version 1

Affected Version To: Version 1

Patch Exists: NO

Related CWE: N/A

CPE: 2.3:a:sourcecodester:alumni_management_system:1.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10, Firefox Version 84.0

2020

Alumni Management System 1.0 – “Last Name field in Registration page” Stored XSS

Go to sign up page. In the "Last Name" field, use the following XSS payload "><img src=xx onerror=alert(document.cookie)> as the name and click on save. This should trigger the Stored XSS payload in admin panel users tab, once the admin login into the application to verify the registered users email address. The attacker steals the admin session cookie.

Mitigation:

Input validation should be done on the server side to prevent malicious code from being executed.

Source

Exploit-DB raw data:

# Exploit Title: Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS
# Exploit Author: Siva Rajendran
# Date: 2020-12-31
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
# Affected Version: Version 1
# Tested on: Windows 10, Firefox Version 84.0

Step 1. Go to sign up page

Step 2. In the "Last Name" field, use the following XSS payload
"><img src=xx onerror=alert(document.cookie)> as the name and click on save.

Step 3. This should trigger the Stored XSS payload in admin panel users tab, once the admin login into the application to verify the registered users email address. The attacker steals the admin session cookie