CVE-2020-23835: GitHub - boku7/tailorMS-rXSS-Keylogger: Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.


Exploit Title: Tailor MS v1.0 - Reflected XSS Key Logger

Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)

  • A Reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest the keys pressed by an unauthenticated victim who clicks a malicious URL and begins typing.
  • OWASP Top Ten 2017: A7:2017-Cross-Site Scripting (XSS)
  • CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) - Type 1: Reflected XSS
  • CWE-523: Unprotected Transport of Credentials
  • CVSS Base Score: 6.4
    • Impact Subscore: 4.7
    • Exploitability Subscore: 1.6
  • CVSS v3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Vendor Homepage: https://www.sourcecodester.com

Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/tailor.zip

Tested On: Windows 10 Pro + XAMPP | Python 2.7
