PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities

EDB-ID: 34405
CVE:
Platform: PHP
Date: 2014-08-25

# Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities in PHP Stock Management System 1.02
# Date: 25 Aug 2014
# Exploit Author: Ragha Deepthi K R
# Vendor Homepage: http://www.posnic.com/
# Software Link: http://sourceforge.net/projects/stockmanagement/
# Version: 1.02
# Tested on: Windows 7

#################################################
PHP Stock Management System 1.02 is vulnerable to multiple Persistent
Cross Site Scripting vulnerabilities.
The vulnerability affects the 'sname' (Store Name field), 'address' (Address
field), 'place' (Place field), 'city' (City field), 'pin' (Pin field),
'website' (Website field) and 'email' (Email field) parameters when the
store details are updated in 'update_details.php', and is triggered when
they are viewed in 'view_report.php'.

#################################################
Greetz : Syam !
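
An added example, not part of the original advisory and not code from the project: one way to handle the seven listed fields defensively, validating the strictly formatted ones on the write path and HTML-encoding every stored value on the read path. The function names, the pin format and the sample row are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from PHP Stock Management System.
// Field names are the parameters listed in the advisory.
const STORE_FIELDS = ['sname', 'address', 'place', 'city', 'pin', 'website', 'email'];

// Write path (update_details.php): validate the fields that have a strict format.
function validate_store_details(array $in): array
{
    $clean = [];
    $errors = [];
    foreach (STORE_FIELDS as $f) {
        $clean[$f] = trim((string)($in[$f] ?? ''));
    }
    if ($clean['pin'] !== '' && !preg_match('/^[0-9]{4,10}$/', $clean['pin'])) {
        $errors[] = 'pin';          // assumed format: digits only
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if ($clean['website'] !== '') {
        $scheme = strtolower((string)parse_url($clean['website'], PHP_URL_SCHEME));
        if (filter_var($clean['website'], FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true)) {
            $errors[] = 'website';  // reject non-http(s) schemes
        }
    }
    return [$clean, $errors];
}

// Read path (view_report.php): encode every stored value for the HTML context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_store_rows(array $row): string
{
    $html = '';
    foreach (STORE_FIELDS as $f) {
        $html .= '<tr><th>' . h($f) . '</th><td>' . h((string)($row[$f] ?? '')) . "</td></tr>\n";
    }
    return $html;
}

// Constructed sample row: free-text fields carrying markup stay inert text.
[$row, $errors] = validate_store_details([
    'sname' => '<b>Corner Shop</b>', 'address' => '12 "Main" St', 'place' => 'Ward 3',
    'city' => 'Kochi', 'pin' => '682001', 'website' => 'https://shop.example',
    'email' => 'owner@shop.example',
]);
echo $errors ? 'rejected: ' . implode(',', $errors) . "\n" : render_store_rows($row);
```

Output encoding is the control that matters for the free-text fields (store name, address, place, city), since they have no format that validation could enforce.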