API tools faq
paste
Advertisement
geniusLion

CVE-2024-28456

geniusLion
Mar 27th, 2024
694
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.77 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title: Online marriage registration system v1.0- Multiple XSS vulnerabilities
  2. # Date: 5-3-2024
  3. # Category: Web Application
  4. # Version: 3.3
  5. # Tested on: Windows/Kali
  6. # CVE: CVE-2024-28456
  7.  
  8.  
  9.  
  10. Description:
  11. ----------------
  12.  
  13. Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the the text fields in the marriage registration request form.
  14.  
  15.  
  16. XSS Payload
  17. ------------------
  18. <script>alert(1)</script>
  19.  
  20.  
  21. Steps to reproduce
  22. --------------------------
  23.  
  24. -Login with your creds
  25. -Navigate to registration form
  26. -Enter any XSS payload in the text fields and submit the form
  27. -These XSS payloads are executed when the admin tries to view the marriage registration request
  28.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!