PHP Stock Management System 1.02 - Multiple Persistent Cross Site Scripting Vulnerabilities

2014-09-08T00:00:00
ID 1337DAY-ID-22605
Type zdt
Reporter Ragha Deepthi
Modified 2014-09-08T00:00:00

Description

Exploit for php platform in category web applications

# Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities in PHP Stock Management System 1.02
# Date: 25 Aug 2014
# Exploit Author: Ragha Deepthi K R
# Vendor Homepage: http://www.posnic.com/
# Software Link: http://sourceforge.net/projects/stockmanagement/
# Version: 1.02
# Tested on: Windows 7
 
#################################################
PHP Stock Management System 1.02 is vulnerable to multiple persistent
cross-site scripting vulnerabilities.
The vulnerabilities affect the 'sname' (Store Name field), 'address' (Address
field), 'place' (Place field), 'city' (City field), 'pin' (Pin field),
'website' (Website field) and 'email' (Email field) parameters when the
store details are updated in 'update_details.php', and take effect when the
details are viewed in 'view_report.php'.
 
#################################################
Greetz: Syam!
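
A defensive sketch of how the affected fields could be validated on save and encoded on output, added here as an example; it is not code from PHP Stock Management System or from the advisory author. The field names come from the advisory; the function names, the length limit and the pin format are assumptions.

```php
<?php
// Added example; not code from PHP Stock Management System.
// Field names are from the advisory; function names and limits are assumptions.

// Encode a stored value for HTML text and quoted-attribute contexts.
function e(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate submitted store details. Returns [clean values, invalid field names].
function validate_store(array $in): array
{
    $clean = [];
    $bad = [];
    foreach (['sname', 'address', 'place', 'city', 'pin', 'website', 'email'] as $f) {
        $clean[$f] = trim((string)($in[$f] ?? ''));
        if ($clean[$f] === '' || strlen($clean[$f]) > 200) {
            $bad[] = $f;
        }
    }
    if (!preg_match('/\A[0-9A-Za-z -]{3,12}\z/', $clean['pin'])) {
        $bad[] = 'pin';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'email';
    }
    // FILTER_VALIDATE_URL accepts non-web schemes, so pin the scheme too.
    $scheme = strtolower((string)parse_url($clean['website'], PHP_URL_SCHEME));
    if (filter_var($clean['website'], FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        $bad[] = 'website';
    }
    return [$clean, array_values(array_unique($bad))];
}

// Render one report row; every value is encoded at output, even if validated.
function render_store_row(array $s): string
{
    $cells = '';
    foreach (['sname', 'address', 'place', 'city', 'pin', 'website', 'email'] as $f) {
        $cells .= '<td>' . e((string)($s[$f] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed sample input: markup in a free-text field, bad scheme in website.
[$clean, $bad] = validate_store([
    'sname' => 'Main <b>Store</b>', 'address' => '1 High St', 'place' => 'Centre',
    'city' => 'Pune', 'pin' => '411001', 'website' => 'javascript://x', 'email' => 'a@example.com',
]);
echo render_store_row($clean), "\n";
echo 'rejected: ', implode(', ', $bad), "\n";
```

Validation narrows what is stored, but the encoding in `render_store_row` is what stops stored markup from executing, because free-text fields such as a store name legitimately contain arbitrary characters.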
