Daily Expense Tracker System 1.0 Cross Site Scripting


Daily Expense Tracker System version 1.0 suffers from a persistent cross site scripting vulnerability.

POC:

# Software: Daily Expense Tracker System
# Version: 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to Stored XSS vulnerability.
# Vulnerable script:
1) http://localhost/dets/user-profile.php
2) http://localhost/dets/add-expense.php
# Vulnerable parameters: 'Full Name' and 'Item'
# Payload used: <script>alert('document.cookie')</script>
# POC: When you view the details under the Manage Expense tab and the User Profile tab,
# you will see your JavaScript code execute.
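The root cause described above is that the stored 'Full Name' and 'Item' values are written back into the page unencoded. The following is an added example of the fix on the output side, not code from the advisory or from the Daily Expense Tracker System project; the `$row` array, its keys and the helper `e()` are assumed names.

```php
<?php
// Added example (not from the advisory or the DETS project): a minimal
// hardened render of the two fields the advisory names. The $row array and
// its key names are assumptions; the real application's schema may differ.

// Encode a value for an HTML text or quoted-attribute context. ENT_QUOTES
// covers both quote styles, ENT_SUBSTITUTE avoids returning an empty string
// on invalid UTF-8 (which would silently drop the value).
function e(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample row carrying the advisory's payload in both fields.
$row = [
    'fullname' => "<script>alert('document.cookie')</script>",
    'item'     => "<script>alert('document.cookie')</script>",
];

// Vulnerable pattern (what the advisory describes): the stored value is
// written straight into the markup, so the browser parses the <script>
// element and runs it on every view of Manage Expense / User Profile.
// echo '<td>' . $row['item'] . '</td>';

// Hardened pattern: every stored value passes through e() at output time;
// the browser renders the literal text "<script>..." and executes nothing.
// Encoding happens where the value is emitted, not where it is stored, so
// the same record is safe in a table cell and in a form field.
?>
<table>
  <tr><th>Full Name</th><td><?= e($row['fullname']) ?></td></tr>
  <tr><th>Item</th><td><?= e($row['item']) ?></td></tr>
</table>
<input type="text" name="fullname" value="<?= e($row['fullname']) ?>">
```

Marking the session cookie HttpOnly limits what a payload like the one in the PoC can read, but it does not remove the injection; the output encoding above is the actual fix.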