CVE-2022-43097 PoC — User Management System 跨站脚本漏洞

Source

https://github.com/nibin-m/CVE-2022-43097

Associated Vulnerability

Title:User Management System 跨站脚本漏洞 (CVE-2022-43097)
Description:User Management System是Anuj Kumar个人开发者的一个使用存储过程的 Php 用户管理系统。 Phpgurukul User Registration & User Management System v3.0版本存在安全漏洞，攻击者利用该漏洞可以通过注册表单和登录页面的firstname 和 lastname参数进行跨站脚本攻击。

Description

All details about CVE-2022-43097

Readme

# CVE-2022-43097
All details about CVE-2022-43097

Software: Phpgurukul User Registration & User Management System v3.0

Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/

Description: Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the first name and last name parameters of the registration form & login pages.

Vulnerability Type: Stored Cross Site Scripting (XSS)

Affected Product Code Base: User Registration & Login and User Management System With admin panel

Affected Component: http://127.0.0.1/login.php, http://127.0.0.1/welcome.php

Attack Type: Remote

Attack Vectors: Malicious payload get saved on to the webserver as first name and last name.

File Snapshot


 [4.0K]  /data/pocs/ba0358dce4dd1b3867659599756bfeae34c7b49f
└── [ 817]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!