
CVE-2022-43117 PoC: Password Storage Application cross-site scripting vulnerability

Associated Vulnerability
Title: Password Storage Application cross-site scripting vulnerability (CVE-2022-43117)
Description: Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.
Readme
> [Suggested description]
> Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0
> was discovered to contain multiple cross-site scripting (XSS)
> vulnerabilities via the Name, Username, Description and Site Feature
> parameters.
>
> ------------------------------------------
>
> [Additional Information]
> Proof Of Concept: https://drive.google.com/file/d/1ZmAuKMVzUpL8pt5KXQJk8IyPECoVP9xw/view?usp=sharing
> Vendor Homepage: https://www.sourcecodester.com/php/15726/password-storage-application-phpoop-and-mysql-free-source-code.html
> Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/psa_php.zip
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Sourcecodester
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Password Storage Application in PHP/OOP and MySQL - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Source Code
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit this vulnerability, the attacker needs to first create an account on http://localhost/psa_php/owner_registration.php, then log in with the created password. After logging in, the attacker needs to inject arbitrary JavaScript code inside the Name, Username, Description and Site fields and then click Save; once the attacker clicks the Save button, the arbitrary JavaScript payload will execute.
>
> ------------------------------------------
>
> [Reference]
> https://www.sourcecodester.com/php/15726/password-storage-application-phpoop-and-mysql-free-source-code.html
> https://drive.google.com/file/d/1ZmAuKMVzUpL8pt5KXQJk8IyPECoVP9xw/view?usp=sharing
>
> ------------------------------------------
>
> [Discoverer]
> RashidKhan Pathan
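The defect described above is stored data being rendered without output encoding. As an added illustration (not code from the Sourcecodester project), the snippet below shows the standard mitigation: escaping each of the four user-controlled fields with htmlspecialchars at render time, so a script or attribute fragment saved in the Name, Username, Description or Site Feature field is displayed as text instead of executed. The column names, the esc() and renderRecordRow() helpers and the sample record are assumptions for the example.

```php
<?php
// Added example, not code from the Password Storage Application.
// Renders the four user-controlled fields (Name, Username, Description,
// Site Feature) into HTML with output encoding applied to every value.

/** Escape a value for insertion into HTML text or a quoted attribute. */
function esc(string $value): string
{
    // ENT_QUOTES covers both ' and "; ENT_SUBSTITUTE avoids returning an
    // empty string on invalid UTF-8, which would silently hide a record.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Build the table row for one stored record with each field escaped. */
function renderRecordRow(array $record): string
{
    $fields = ['name', 'username', 'description', 'site_feature']; // assumed column names
    $cells = '';
    foreach ($fields as $field) {
        $cells .= '<td>' . esc((string)($record[$field] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

/** True when no raw tag or attribute delimiter survived escaping. */
function isNeutralized(string $html): bool
{
    // Only the <tr>/<td> tags we emitted ourselves may remain as real markup.
    $stripped = str_replace(['<tr>', '</tr>', '<td>', '</td>'], '', $html);
    return strpos($stripped, '<') === false && strpos($stripped, '"') === false;
}

// Constructed sample record: values a user might save in the four fields.
$record = [
    'name'         => '<script>alert(1)</script>',
    'username'     => 'alice" onmouseover="alert(2)',
    'description'  => "it's a <b>test</b>",
    'site_feature' => 'plain text',
];

$row = renderRecordRow($record);
// The stored markup is shown literally; no script or attribute is injected.
var_dump(isNeutralized($row)); // bool(true)
echo $row, PHP_EOL;
```

Escaping belongs at the point of output; validating the fields on save is a useful second layer but does not replace it, because the same data may be rendered in more than one template.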

File Snapshot

[4.0K] /data/pocs/22bf5db2e935e2096f47bbc6fc5eeea162ecc3b7
└── [2.0K] README.md

0 directories, 1 file