Home Tools Exploits & CVE's Blood Donor Management System 1.0 Cross Site Scripting

Blood Donor Management System 1.0 Cross Site Scripting

August 16, 2023

240

Blood Donor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Blood Donor Management System - Stored XSS
# Application: Blood Donor Management System
# Version: v1.0   
# Bugs:  Stored XSS
# Technology: PHP
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/
# Date: 15.08.2023
# Author: Ehlullah Albayrak
# Tested on: Windows


#POC
========================================
1. Login to user account
2. Go to Profile 
3. Change "State" input and add "<script>alert("xss")</script>" payload.
4. Go to http://localhost/blood/welcome page and search "O", XSS will be triggered.

#Payload: <script>alert("xss")</script>

Blood Donor Management System 1.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Gambio Online Webshop 4.9.2.0 Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

EQS Integrity Line Cross Site Scripting / Information Disclosure

Linux PT_SUSPEND_SECCOMP Permission Bypass / Ptracer Death Race

Microsoft Windows Cloud Filter HsmpAccessCheck Bypass / Privilege Escalation