Headline
Zoo Management System 1.0 Cross Site Scripting
Zoo Management System version suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Zoo Management System 1.0 - Stored Cross-Site-Scripting (XSS)# Date: 05/26/2022# Exploit Author: Angelo Pio Amirante# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: Server: XAMPP# Description:Zoo Management System 1.0 is vulnerable to a stored cross site scripting in “Add Classification” functionality of the admin panel.# Exploit:1)Goto: http://localhost/admin/public_html/admin_login and login with the provided credentials2)Goto: http://localhost/admin/public_html/save_classification3)The “Classification Display Name” and “Classification Table Name” are both vulnerable so you can put <script>alert(“xss”)</script> in one of them4)Goto: http://localhost/admin/public_html/view_classifications5) Stored XSS payload is fired# Image Poc:https://ibb.co/FXc5zLthttps://ibb.co/CtFSQrQ