Vendor Homepage: https://www.sourcecodester.com/
Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html
Zoo Management System 1.0 is vulnerable to stored cross-site scripting (XSS) in the “Add Classification” functionality of the admin panel.
- Go to http://localhost/admin/public_html/admin_login and log in with the provided credentials
- Go to http://localhost/admin/public_html/save_classification
- The “Classification Display Name” and “Classification Table Name” fields are both vulnerable, so you can put <script>alert("xss")</script> in one of them
- Go to http://localhost/admin/public_html/view_classifications
- The stored XSS payload fires