Library Management System 3.0 - "Add Category" Stored XSS

2020-12-22
ID: 103805
CVE: None
Download vulnerable application: None
# Exploit Title:  
# Exploit Author: Kislay Kumar
# Date: 2020-12-22
# Google Dork: N/A
# Vendor Homepage: https://otsglobal.org/
# Software Link: https://codecanyon.net/item/library-management-system-22/16965307
# Affected Version: 3.0
# Patched Version: Unpatched
# Category: Web Application
# Tested on: Kali Linux

Step 1. Login as Admin.

Step 2. Select "Book" from menu and select "Categories" from sub menu and
after that click on "Add Category".

Step 3. Insert payload - "><img src onerror=alert(1)> in "Category Name"

Step 4. Now  Click on "Save" , Go to "Category" and See last , there you
will get alert box.
1-4-2 (www01)