Skip to content

Instantly share code, notes, and snippets.

@Arajawat007
Created August 25, 2023 07:37
Show Gist options
  • Save Arajawat007/836b586cfb8faeb4edbe57ff1c5dc457 to your computer and use it in GitHub Desktop.
Save Arajawat007/836b586cfb8faeb4edbe57ff1c5dc457 to your computer and use it in GitHub Desktop.
CVE-2023-39712
Exploit Title: Free and Open Source inventory management system php source code -XSS Cross Site Scripting
Vendor of product: https://www.sourcecodester.com
Software Link: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
Tested On: Linux
Attack type: Local
Steps to Reproduce -
1. Visit http://localhost/ample/login.php
2. Click on the "Register" button to navigate to the Registration page.
3. After clicking on "Register" we redirect to URL: http://localhost/ample/index.php?page=dashboard
4. go to Suppliar section http://localhost/ample/index.php?page=suppliar and add new
5. Use payload: "><script>alert(123)</script>
6. Click on add New Member
7. Click on Submit Use XSS payload ( "><script>alert(123)</script> ) put payload in Name, Address, Company Section
8. It reflected the value of 123.
Reference: CVE-2023-39712
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment