SchoolCMS - Persistent Cross-Site Scripting

EDB-ID:

23106

CVE:



Author:

VipVince

Type:

webapps


Platform:

PHP

Date:

2012-12-03


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Title: SchoolCMS Persistant XSS.
#Date: 03/12/12
#Author: VipVince
#Vendor: www.poweritschools.com
#Google Dork: /old_core/cal/eventform.php
#Tested on: Windows.

This is a Persistant XSS used in the software by many schools.

About 225 results (0.21 seconds) 

The vulnerability lies in the eventform.php file.

Entering your JavaScript into the form boxes and saving the event will store and trigger your persistent XSS script. Simplez. Have fun.