This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,702 With Us For: 244 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting # Exploit Author: George Tsimpidas # Date: 2021-03-25 # Vendor Homepage: www.sourcecodester.com # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regis_inventory.zip # Version : 1.0.0 # Tested on: Kali Linux 2020.4 # Category: Webapp # Description Regis Inventory And Monitoring System, suffers from a stored cross site scripting on Item's List Category #PoC 1. Login as admin : http://localhost/regis_inventory/index.php 2. Visit : http://localhost/regis_inventory/item.php 3. Click add a New Item and input your payload on "Generic Name" textbox. Payload : <script>alert("XSS")</script> 4. After inputting the Item values and submitting the form, it will trigger an XSS pop-up Link to comment Share on other sites More sharing options...
Recommended Posts