Skip to content

Instantly share code, notes, and snippets.

Created August 25, 2023 07:37
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Exploit Title: Free and Open Source inventory management system php source code -XSS Cross Site Scripting
Vendor of product:
Software Link:
Tested On: Linux
Attack type: Local
Steps to Reproduce -
1. Visit http://localhost/ample/login.php
2. Click on the "Register" button to navigate to the Registration page.
3. After clicking on "Register" we redirect to URL: http://localhost/ample/index.php?page=dashboard
4. go to Suppliar section http://localhost/ample/index.php?page=suppliar and add new
5. Use payload: "><script>alert(123)</script>
6. Click on add New Member
7. Click on Submit Use XSS payload ( "><script>alert(123)</script> ) put payload in Name, Address, Company Section
8. It reflected the value of 123.
Reference: CVE-2023-39714
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment