Headline

E-Insurance 1.0 Cross Site Scripting

E-Insurance version 1.0 suffers from a persistent cross site scripting vulnerability.

6 months ago

#sql #xss #vulnerability #windows #google #git #php #auth

# Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)# Google Dork: NA# Date: 28-03-2024# Exploit Author: Sandeep Vishwakarma# Vendor Homepage: https://www.sourcecodester.com# Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html# Version: v1.0# Tested on: Windows 10# Description: Stored Cross Site Scripting vulnerability in E-INSUARANCE -v1.0 allows an attacker to execute arbitrary code via a crafted payload tothe Firstname and lastname parameter in the profile component.# POC:1. After login goto http://127.0.0.1/E-Insurance/Script/admin/?page=profile2. In fname & lname parameter add payolad"><script>alert("Hacked_by_Sandy")</script>3. click on submit.# Reference:https://github.com/hackersroot/CVE-PoC/blob/main/CVE-2024-29411.md

Packet Storm: Latest News

Grav CMS 1.7.44 Server-Side Template Injection

1 day ago

Packet Storm

Ruby-SAML / GitLab Authentication Bypass

1 day ago

Packet Storm

iTunes For Windows 12.13.2.3 Local Privilege Escalation

1 day ago

Packet Storm

ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution

1 day ago

Packet Storm

ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution

1 day ago

Packet Storm