
A vulnerability was found in PHPGurukul Visitor Management System 1.0. It has been rated as problematic. Affected by the issue is some unknown functionality of the search bar, in the files search-result.php and search-visitor.php. The vulnerability is Cross-Site Scripting (XSS).


Agampreet-Singh/CVE-2024-25202


CVE-2024-25202


Usage

One more vulnerability finding in PHPGurukul is SQL injection in the authentication session.

Login

After logging in to the account, or bypassing authentication through SQL injection, go to Search management at the top right.

Payload

'"><svg/onload=confirm(/xsss/)>


As you see, I will search the code in the Search session.


XSS popup

According to this scenario, the XSS vulnerability is valid in search-visitor or search-bar.php.
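
The class of fix for this finding, as an added example that is not taken from the PHPGurukul code base or from this repository: the search term is HTML-encoded at every point where it is reflected. The function names and the `searchdata` field name are hypothetical, because the source of the search pages is not shown here.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a search results page. The real source of
// search-visitor.php is not shown here; names below are assumptions.

/** Unsafe: reflects the term into HTML unchanged, as in the reported behaviour. */
function render_unsafe(string $term): string
{
    return '<h4>Result against "' . $term . '" keyword</h4>'
         . '<input type="text" name="searchdata" value="' . $term . '">';
}

/** Encode for HTML text and quoted-attribute contexts (both quote styles). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened: every reflection of the term passes through e(). */
function render_safe(string $term): string
{
    return '<h4>Result against "' . e($term) . '" keyword</h4>'
         . '<input type="text" name="searchdata" value="' . e($term) . '">';
}

/** True if the rendered HTML still contains the raw tag opener from the input. */
function reflects_markup(string $html): bool
{
    return strpos($html, '<svg') !== false;
}

if (PHP_SAPI !== 'cli') {
    // Defence in depth: without 'unsafe-inline', inline event handlers do not run.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    $term = is_string($_POST['searchdata'] ?? null) ? $_POST['searchdata'] : '';
} else {
    // Constructed input: the string quoted under "Payload" in this README.
    $term = '\'"><svg/onload=confirm(/xsss/)>';
}

echo 'unsafe reflects markup: ', var_export(reflects_markup(render_unsafe($term)), true), PHP_EOL;
echo 'safe reflects markup:   ', var_export(reflects_markup(render_safe($term)), true), PHP_EOL;
echo render_safe($term), PHP_EOL;
```

Run from the command line, the script compares both renderings of the same input; the encoded version contains only character entities where the tag and quotes were.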

PoC (Proof Of Concept) Video Tutorial

CVE-2024-25202.mp4
