Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-3992 PoC — SourceCodester Sanitization Management System Banner Image cross site scripting

Source
https://github.com/Urban4/CVE-2022-3992
Associated Vulnerability
Title:SourceCodester Sanitization Management System Banner Image cross site scripting (CVE-2022-3992)
Description:A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.
Description
Cross Site Scripting on sanitization-management-system
Readme
# CVE-2022-3992
Cross-Site Scripting in WonderCMS

Description: A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0 allows potential attackers to upload arbitrary files via a crafted name into the system logo Fields of the System Info Fields. The cookie has no HttpOnly Flag this could be used to steal the cookies of logged-in users.
How To Reproduce:
<img width="1440" alt="Screen Shot 2022-11-19 at 12 25 34 PM" src="https://user-images.githubusercontent.com/81638590/202848956-49ec4e04-1ade-4ddb-90e3-2a835a764a53.png">
<img width="1403" alt="Screen Shot 2022-11-19 at 12 27 18 PM" src="https://user-images.githubusercontent.com/81638590/202848980-b38c9704-4cd3-462e-8215-4a7364a8c6ba.png">
<img width="1435" alt="Screen Shot 2022-11-19 at 12 31 03 PM" src="https://user-images.githubusercontent.com/81638590/202848992-b14918ba-53d6-43a5-b9c1-3da49069785d.png">
File Snapshot

 [4.0K]  /data/pocs/1df62d284ca4a0dbea48cbee443fb0bffb3cdcaf
└── [ 896]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →