top of page
Writer's pictureHex Coder

CVE-2022-40470 Cross Site Scripting in Blood Donor Management System Using CodeIgniter - 1.0



Exploit Title: Cross Site Scripting in Blood Donor Management Using CodeIgniter - 1.0

Date: 9 Sep 2022

Exploit Author: RashidKhan Pathan

Version: v1.0

Tested on: Windows 10, Kali Linux

CVE : CVE-2022-40470


Description:

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature


Steps to Reproduce:

to exploit the vulnerability attacker needs to Login as Admin then inject arbitrary code in Add Blood Group Name Field and Click Submit and then go to Manage Blood Group once attacker go inside Manage Blood Group the Payload Will Execute


Proof Of Concept:

https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing


54 views0 comments

Comentários


bottom of page