Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-38699 PoC — Tastylgniter 跨站脚本漏洞

Source
https://github.com/Justin-1993/CVE-2021-38699
Associated Vulnerability
Title:Tastylgniter 跨站脚本漏洞 (CVE-2021-38699)
Description:TastyIgniter是一个基于Laravel PHP Framework的免费开源在线订购软件,旨在让开发者和餐馆老板享受生活。 Tastylgniter 3.0.7存在跨站脚本漏洞,该漏洞源于软件中的/account, /reservation, /admin/dashboard, 和/admin/system_logs目录中缺少对于用户提交数据的有效验证。
Description
TastyIgniter 3.0.7 allows XSS via the name field during user-account creation
Readme
# CVE-2021-38699 TastyIgniter 3.0.7 allows XSS via the name field during user-account creation.


A Stored Cross Site Scripting Vulnerability exists in multiple pages of TastyIgniter v3.0.7 that allows for arbitrary execution of JavaScript. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699

Vulnerable Pages:
/account, /reservation, /admin/dashboard, /admin/system_logs

Vulnerable Payloads:
“><script> alert(1) </script> <script> alert(1) </script>


Found by Justin White and Matt Kiely | HuskyHacks, August 2021
File Snapshot

 [4.0K]  /data/pocs/181a6d7afbc7476934a5b4390737aca47a9068dc
└── [ 530]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.