CVE-2022-33075 PoC — Zoo Management System 跨站脚本漏洞

Source

https://github.com/angelopioamirante/CVE-2022-33075

Associated Vulnerability

Title:Zoo Management System 跨站脚本漏洞 (CVE-2022-33075)
Description:PHPGURUKUL Zoo Management System是Phpgurukul团队的一个动物园管理系统。 Zoo Management System v1.0版本存在安全漏洞，该漏洞源于添加分类功能中存在跨站点脚本 (XSS) 漏洞。攻击者利用该漏洞通过未指定的向量执行任意 Web 脚本或 HTML。

Description

Zoo Management System 1.0 - Stored Cross-Site-Scripting (XSS)

Readme

# CVE-2022-33075



# Exploit Title: Zoo Management System 1.0 - Stored Cross-Site-Scripting (XSS)
# Date: 05/26/2022
# Exploit Author: Angelo Pio Amirante
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Server: XAMPP
# CVE: 2022-33075

# Description:
Zoo Management System 1.0 is vulnerable to a stored cross site scripting in “Add Classification” functionality of the admin panel.

# Exploit:
1. Goto: http://localhost/admin/public_html/admin_login and login with the provided credentials
2. Goto: http://localhost/admin/public_html/save_classification
3. The “Classification Display Name” and “Classification Table Name” are both vulnerable so you can put <script>alert(“xss”)</script> in one of them
4. Goto: http://localhost/admin/public_html/view_classifications
5. Stored XSS payload is fired

# Image Poc:

- [XSS Payload](https://ibb.co/FXc5zLt)
- [XSS alert](https://ibb.co/CtFSQrQ)

File Snapshot


 [4.0K]  /data/pocs/8ba02fc98205cb4e256fe98da7da973bc618bbd1
└── [1.0K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!