Vendor: Budget Management System
By: Jitendra Kumar Tripathi
CVSS: 8.8 (HIGH)
Vulnerability class: Stored XSS
CWE: 79
Product Name: Budget Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:budget_management_system:1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 + Xampp 8.0.3
2020

Budget Management System 1.0 – ‘Budget title’ Stored XSS

Budget Management System 1.0 is vulnerable to stored XSS. An attacker can inject malicious JavaScript into the 'Budget title' field, which is stored in the database; whenever a user later visits the page, the stored script executes in that user's browser. This can be used to steal the user's cookie, redirect the user to a malicious website, etc.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the database.
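The following PHP snippet is an added illustration and is not code from Budget Management System (whose source is not reproduced on this page); the function and variable names are assumptions. It places the vulnerable rendering pattern next to two hardened forms: contextual output encoding at render time, which is the primary defence for stored XSS, and the input validation named in the mitigation above as defence in depth. The advisory's own proof-of-concept value is used as the sample input.

```php
<?php
// Added example (not the project's code): vulnerable vs. hardened handling of
// a stored budget title. Names below are hypothetical.

// Vulnerable pattern: the stored title is echoed into HTML untouched, so a
// title of <script>alert(1)</script> becomes live markup on every page view.
function render_title_vulnerable(string $title): string
{
    return "<h2>" . $title . "</h2>";
}

// Hardened pattern 1: output encoding for the HTML body context. The database
// may still hold the raw string, but the browser only ever sees inert text.
function render_title_safe(string $title): string
{
    return "<h2>" . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</h2>";
}

// Hardened pattern 2 (defence in depth, matching the advisory's mitigation):
// validate the title in the form handler before it is stored. A budget title
// has no need for angle brackets or control characters, so reject such input
// instead of trying to "clean" it.
function validate_title(string $title): bool
{
    $title = trim($title);
    if ($title === '' || mb_strlen($title, 'UTF-8') > 100) {
        return false;
    }
    // Allow letters, digits, spaces and a small set of punctuation only.
    return preg_match('/^[\p{L}\p{N} .,\'&()\/-]+$/u', $title) === 1;
}

$payload = '<script>alert(1)</script>';   // the advisory's proof-of-concept value
$benign  = 'Q3 Marketing Budget';         // constructed sample of a legitimate title

echo "Vulnerable rendering: " . render_title_vulnerable($payload) . PHP_EOL;
echo "Hardened rendering:   " . render_title_safe($payload) . PHP_EOL;
echo "Validation accepts payload? " . (validate_title($payload) ? 'yes' : 'no') . PHP_EOL;
echo "Validation accepts benign?  " . (validate_title($benign) ? 'yes' : 'no') . PHP_EOL;
```

Run it with `php example.php`. `htmlspecialchars` turns `<` and `>` into `&lt;` and `&gt;`, so the hardened rendering displays the payload as literal text rather than executing it, while `validate_title` rejects it and accepts the benign title. Encoding belongs at the point of output, chosen for the context the value lands in (HTML body here; attribute, JavaScript and URL contexts need different encoders), not at storage time, where it leads to double-encoded data and leaves any other output path unprotected.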

Exploit-DB raw data:

# Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS
# Exploit Author: Jitendra Kumar Tripathi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html
# Version: 1
# Tested on Windows 10 + Xampp 8.0.3

XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website

Vulnerable Parameters: Customer Details

*Steps to reproduce:*
1: Add a budget title.
2: Payload: <script>alert(1)</script>
3: Reload http://localhost/Budget%20Management%20System/index.php or update the budget; the XSS will be triggered.