# CVE-2022-40470
Cross Site Scripting in Blood Donor Management System Using CodeIgniter - 1.0
> [Suggested description]
> Phpgurukul Blood Donor Management System 1.0 allows Cross Site
> Scripting via Add Blood Group Name Feature.
>
> ------------------------------------------
>
> [Additional Information]
> PoC: https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Phpgurukul
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Blood Donor Management System Using CodeIgniter - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Source Code
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit the vulnerability, the attacker needs to log in as Admin, then inject arbitrary code in the Add Blood Group Name field and click Submit, and then go to Manage Blood Group. Once the attacker goes inside Manage Blood Group, the payload will execute.
>
> ------------------------------------------
>
> [Reference]
> https://drive.google.com/file/d/1UDuez2CTscdWXYzyXLi3x8CMs9IWLL11/view?usp=sharing
>
> ------------------------------------------
>
> [Discoverer]
> RashidKhan Pathan
Use CVE-2022-40470.
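
The report describes a value stored through Add Blood Group Name and executed when Manage Blood Group renders it. The following is an added example, not code from the application or from the report: it sketches the two mitigations for that flow, allowlist validation on input and HTML encoding on output. All function names and the allowlist contents are assumptions.

```php
<?php
// Added example: hypothetical helpers, not the application's own code.

// Assumption: the field only ever needs the eight ABO/Rh group names.
const ALLOWED_BLOOD_GROUPS = ['A+', 'A-', 'B+', 'B-', 'AB+', 'AB-', 'O+', 'O-'];

/**
 * Input side: validate the submitted name before it is stored.
 * Returns the canonical name, or null when the value must be rejected.
 */
function validate_blood_group(string $raw): ?string
{
    $name = strtoupper(trim($raw));
    return in_array($name, ALLOWED_BLOOD_GROUPS, true) ? $name : null;
}

/** Output side: encode a stored value for an HTML text or attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the rows of a "manage blood group" style table from stored names. */
function render_rows(array $storedNames): string
{
    $html = '';
    foreach (array_values($storedNames) as $i => $name) {
        $html .= sprintf("<tr><td>%d</td><td>%s</td></tr>\n", $i + 1, e($name));
    }
    return $html;
}

// Constructed sample input: one legitimate value, one markup-bearing value.
$submitted = [' o+ ', '<script>alert(1)</script>'];

foreach ($submitted as $raw) {
    $ok = validate_blood_group($raw);
    echo $ok === null ? 'rejected: ' . e($raw) . "\n" : "accepted: $ok\n";
}

// Defence in depth: rows that are already in the database (constructed here)
// are still encoded on output, so stored markup is displayed as inert text.
echo render_rows(['AB-', '<script>alert(1)</script>']);
```

Output encoding is the control that covers rows already stored before validation was added; in a CodeIgniter 3 view the same encoding is available through the framework's `html_escape()` helper.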