Alumni Management System 1.0 Cross Site Scripting

Step 1. Go to the sign-up page.

Step 2. In the “Last Name” field, use the following XSS payload
“> as the name and click on save.

Step 3. This should trigger the stored XSS payload in the Users tab of the admin panel once the admin logs in to the application to verify the registered user's email address. The attacker steals the admin session cookie.
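
A defensive sketch of the fix for the flow in the steps above, added here and not taken from Alumni Management System's code: the admin Users tab has to HTML-encode stored registration fields at output time, and the session cookie should be HttpOnly so page script cannot read it. The row layout, field names and cookie name are assumptions, and the sample value is a harmless constructed marker.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample records; a harmless markup marker stands in for a payload.
USERS = [
    {"first_name": "Ann", "last_name": '"><i>marker</i>', "email": "ann@example.test"},
    {"first_name": "Bob", "last_name": "O'Brien", "email": "bob@example.test"},
]

# Assumed layout of one row in the admin Users tab.
ROW = '<tr><td><input name="last_name" value="{last}"></td><td>{email}</td></tr>'


def render_row_unsafe(user):
    """The flaw: stored registration values are placed into HTML verbatim."""
    return ROW.format(last=user["last_name"], email=user["email"])


def render_row_safe(user):
    """The fix: HTML-encode every stored value at output time.
    quote=True also encodes " and ', which matters inside attribute values."""
    return ROW.format(
        last=html.escape(user["last_name"], quote=True),
        email=html.escape(user["email"], quote=True),
    )


def session_cookie_header(session_id):
    """Session cookie value that page script cannot read (HttpOnly)."""
    cookie = SimpleCookie()
    cookie["session"] = session_id  # cookie name is an assumption
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def find_suspicious(users, fields=("first_name", "last_name")):
    """Flag rows already stored with markup characters so they can be reviewed
    after the fix ships. The apostrophe is left out: names like O'Brien are valid."""
    markers = set('<>"')
    return [u for u in users if any(markers & set(u.get(f, "")) for f in fields)]


if __name__ == "__main__":
    print(render_row_unsafe(USERS[0]))
    print(render_row_safe(USERS[0]))
    print(session_cookie_header("constructed-session-id"))
    print(find_suspicious(USERS))
```

Encoding at output fixes rendering but leaves previously stored values in the database, which is why the last function reviews existing rows.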