Stored XSS Vulnerability on RosarioSIS 8.2.1

Docker RosarioSIS
=================
## Installation
Minimum requirements: a working [Docker](https://www.docker.com/) and Git.
You can pull the image from [DockerHub](https://hub.docker.com/r/rosariosis/rosariosis) or:
1. Start the containers with Docker:
```bash
$ git clone https://github.com/dnr6419/CVE-2021-45416.git
$ cd CVE-2021-45416
$ docker-compose up -d
```
2. Visit the URL and install the database:
<pre>
http://YOURIP:80/InstallDatabase.php
</pre>
3. Then go to http://YOURIP:80/InstallDatabase.php
4. The default admin username/password is "admin/admin".
5. Go to Scheduling -> Student Schedule.
<img src="https://user-images.githubusercontent.com/43310843/153820116-b8cc67b9-1ac3-4aff-95ee-837548bd2d27.png" width="70%" height="20%">
6. Choose a course and click search.
<img src="https://user-images.githubusercontent.com/43310843/153820615-eddcbe92-31c9-4d7a-ad8e-0d0b98edfa68.png" width="70%" height="20%">
7. Input the XSS payload
<img src="https://user-images.githubusercontent.com/43310843/153820700-4be9143d-1dfd-4699-a7b6-28743d9ee940.png" width="70%" height="20%">
8. You can see the alert.
<img src="https://user-images.githubusercontent.com/43310843/153820773-c0d7901b-96f7-4e8d-bdfe-0de54d4dba2c.png" width="70%" height="20%">
#### Reference
https://github.com/86x/CVE-2021-45416<br>
https://github.com/francoisjacquet/docker-rosariosis

```
[4.0K] /data/pocs/9e5f52355f57a3017c4e1b26ab9f882c34c42edb
├── [4.0K] bin
│   ├── [ 374] init
│   └── [ 71] start-apache2
├── [4.0K] conf
│   ├── [1.8K] config.inc.php
│   └── [ 232] supervisord.conf
├── [ 436] docker-compose.yml
├── [1.6K] Dockerfile
├── [1.1K] LICENSE
├── [1.3K] README.md
└── [9.0M] rosariosis-v8.2.1.tar.gz
2 directories, 9 files
```