Alumni Management System 1.0 - "Course Form" Stored XSS

vendor:

Alumni Management System

by:

Aakash Madaan

5.5

CVSS

MEDIUM

Stored XSS

CWE

Product Name: Alumni Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Parrot OS

2020

Alumni Management System 1.0 – “Course Form” Stored XSS

The Alumni Management System 1.0 is vulnerable to a stored XSS attack in the "Course Form" field. By injecting the payload "<script>alert("course")</script>" as the name of a new course, an attacker can trigger the XSS payload, which will be executed whenever the "Course List" page is accessed.

Mitigation:

To mitigate this vulnerability, input validation and output encoding should be implemented to prevent malicious scripts from being executed.

Source

Exploit-DB raw data:

# Exploit Title:  Alumni Management System 1.0 - "Course Form" Stored XSS
# Exploit Author: Aakash Madaan
# Date: 2020-12-10
# Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14524&title=Alumni+Management+System+using+PHP%2FMySQL+with+Source+Code
# Affected Version: Version 1
# Tested on: Parrot OS


Step 1. Login to the application with admin credentials

Step 2. Click on the "Course List" page.

Step 3. In the "Course Form" field, use XSS payload
"<script>alert("course")</script>" as the name of new course and click on
save.

Step 4. This should trigger the XSS payload and anytime you click on the
"Course List" page, your stored XSS payload will be triggered.