Exploit Title: Cross Site Scripting in Blood Donor Management Using CodeIgniter - 1.0
Date: 9 Sep 2022
Exploit Author: RashidKhan Pathan
Version: v1.0
Tested on: Windows 10, Kali Linux
CVE : CVE-2022-40470
Description:
Phpgurukul Blood Donor Management System 1.0 allows cross-site scripting via the Add Blood Group Name feature.
Steps to Reproduce:
To exploit the vulnerability, an attacker needs to log in as Admin, inject arbitrary code into the Add Blood Group Name field, and click Submit. When the attacker then opens Manage Blood Group, the payload executes.
Proof Of Concept:
https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing
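Mitigation example (added here; not code from Phpgurukul or from the advisory author): the two controls that break the flow described above are allow-list validation on the Add Blood Group Name field and HTML output encoding in the Manage Blood Group listing. The function names, the row layout and the accepted name format are assumptions made for illustration.

```php
<?php
// Added illustration: all names below are hypothetical, not taken from the application.

// Allow-list for the "Add Blood Group Name" field.
// Assumed format: ABO group followed by an Rh sign, e.g. "AB+" or "O-".
function is_valid_blood_group(string $name): bool
{
    return preg_match('/\A(?:A|B|AB|O)[+-]\z/', $name) === 1;
}

// Encode a stored value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the "Manage Blood Group" table body from stored rows.
// Every stored name is encoded on output, whatever happened at input time.
function render_blood_group_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . (int) $row['id'] . '</td><td>'
               . e((string) $row['name']) . "</td></tr>\n";
    }
    return $html;
}

// Constructed sample data: the second row stands in for a value that was
// saved before input validation existed and still sits in the database.
$rows = [
    ['id' => 1, 'name' => 'AB+'],
    ['id' => 2, 'name' => '<b>O-</b>'],
];

// Input side: only well-formed names would be accepted by the add form.
foreach ($rows as $row) {
    printf("%-12s accepted on input: %s\n", $row['name'],
        is_valid_blood_group($row['name']) ? 'yes' : 'no');
}

// Output side: markup in the stored name is rendered as inert text.
echo render_blood_group_rows($rows);
```

Output encoding is the control that closes the issue for values already stored; the allow-list only prevents new malformed names from being saved.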