## https://sploitus.com/exploit?id=D24A942D-E47F-5F20-B576-2E0CA55D2090
# CVE-2024-0652
A vulnerability was found in PHPGurukul Visitor Management System 1.0. It has been rated as problematic. The issue affects some unknown functionality of the search bar, in the files search-result.php and search-visitor.php. The vulnerability is cross-site scripting (XSS).
# Usage
One more vulnerability finding in PHPGurukul: SQL injection in the authentication session.

Login

After logging in to the account, or bypassing authentication through SQL injection, go to Search management at the top right.

Payload

```
'"><svg/onload=confirm(/xsss/)>
```

<img width="923" alt="image" src="https://github.com/Agampreet-Singh/CVE-2024-0652/assets/73707055/e6ff69c1-3661-47bd-ab68-5bd5a0d823cc">


As you can see, I will search for the code in the Search session.

![image](https://github.com/Agampreet-Singh/CVE-2024-0652/assets/73707055/e9ca961c-b2b0-4990-a037-0c066305f45d)

XSS popup

According to this scenario, the XSS vulnerability is valid in search-visitor or search-bar.php.
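
The fix for a reflected search term is output encoding at every point where the value is written back into HTML. The following is an added example, not code from this repository or from PHPGurukul: the handler, the `searchdata` field name and the function names are hypothetical, and the markup is constructed to show the page's payload reflected raw and then through `htmlspecialchars`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode untrusted text for HTML body and quoted-attribute contexts.
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and ", which the payload uses to close an attribute value.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern (constructed): the search term is concatenated into markup as-is.
function renderUnsafe(string $term): string
{
    return '<input name="searchdata" value="' . $term . '">'
         . '<h4>Result against "' . $term . '" keyword</h4>';
}

// Hardened form: identical markup, every reflection of the term goes through e().
function renderSafe(string $term): string
{
    return '<input name="searchdata" value="' . e($term) . '">'
         . '<h4>Result against "' . e($term) . '" keyword</h4>';
}

// True when a tag opened by the input survives into the rendered output.
function reflectsRawTag(string $html): bool
{
    return strpos($html, '<svg') !== false;
}

// The payload shown on this page, used here as constructed test input.
$payload = '\'"><svg/onload=confirm(/xsss/)>';

$unsafe = renderUnsafe($payload);
$safe   = renderSafe($payload);

echo 'unsafe output reflects raw tag: ', var_export(reflectsRawTag($unsafe), true), PHP_EOL;
echo 'safe output reflects raw tag:   ', var_export(reflectsRawTag($safe), true), PHP_EOL;
echo $safe, PHP_EOL;
```

Run it with the PHP CLI; the hardened output contains only entity-encoded characters from the search term, so the browser renders the payload as text in both the attribute and the heading.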

# Video Tutorial 
![video](https://github.com/Agampreet-Singh/CVE-2024-0652/blob/main/CVE-2024-0652.mp4)