EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting

2020-12-02
ID: 103650
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Exploit Author: Soushikta Chowdhury
# Vendor Homepage:  http://egavilanmedia.com
# Software Link:  http://egavilanmedia.com/user-registration-and-login-system-with-admin-panel/
# Version: 1.0
# Tested on: Windows 10
# Contact: https://www.linkedin.com/in/soushikta-chowdhury/

Vulnerable Parameters: Full Name
Steps for reproduce:
1. Go to registration page
2. fill in the details & put <script>alert("soushikta")</script> payload in Full name.
3. Now goto Admin Panel. After entering go to Manage Users and go to the last page to check the newly added user. We could see that our payload gets executed.
1-4-2 (www02)