Submit #277871: Codeastro Restaurant POS System 1.0 Stored Cross-Site Scripting

Title: Codeastro Restaurant POS System 1.0 Stored Cross-Site Scripting
Description: The Restaurant POS System is vulnerable to stored cross-site scripting. An attacker registers through "create_account.php" and enters a script payload in the "Full Name" field; the value is stored and later rendered into pages without encoding. When that user logs in, the payload executes in "customer/dashboard.php". It also executes in other endpoints that display the name, including "admin/customes.php" when an administrator logs in, so a payload stored by a self-registered customer also runs in the administrator's browser.

Vulnerability Details:
- Vulnerability Type: Stored XSS
- Affected URL: http://localhost/RestaurantPOS/Restro/customer/dashboard.php
- Affected URL: http://localhost/RestaurantPOS/Restro/admin/customes.php
- Exploited Parameter: "Full Name" field at "create_account.php"
- Payload Used: <img src=x onerror=alert(document.cookie)>

Recommendations:
1. Output Encoding and Input Validation: HTML-encode the stored full name (and every other user-supplied value) at the point where it is written into a page, for example with htmlspecialchars() in PHP, and validate the field on input as defence in depth. Validation alone is not sufficient, because the same stored value is rendered on several pages.
2. Session Hardening: The payload reads document.cookie; marking the session cookie HttpOnly prevents a script that does execute from reading it.
3. Update System: Keep the Restaurant POS System, PHP, and server components up to date with the latest security patches.
4. Security Audits: Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
5. Education: Train the application developers in secure coding practices, emphasizing output encoding, input validation, and secure database handling.
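The following is an added example, not code from the Codeastro Restaurant POS project, showing the vulnerable rendering pattern the submission describes beside its hardened form. It assumes the stored "Full Name" value is written into HTML by a template function; the function names, the name-validation pattern, and the CLI self-check are hypothetical.

```php
<?php
// Added example (not code from the Codeastro Restaurant POS project).
// Assumptions: the stored "Full Name" value is rendered into an HTML page by a
// template function; the function names below are hypothetical.

// Payload quoted in the submission above.
const PAYLOAD = '<img src=x onerror=alert(document.cookie)>';

// Vulnerable pattern: the stored value is interpolated straight into markup,
// so the browser parses the <img> tag and runs the onerror handler.
function render_greeting_unsafe(string $fullName): string
{
    return "<h2>Welcome, $fullName</h2>";
}

// Hardened pattern: HTML-encode at the output sink. ENT_QUOTES also encodes
// single quotes, which matters when the value lands inside an attribute.
function render_greeting_safe(string $fullName): string
{
    $escaped = htmlspecialchars($fullName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Welcome, {$escaped}</h2>";
}

// Defence in depth on input (hypothetical rule): letters, marks, apostrophe,
// hyphen, period and space, 1-80 characters. Not a substitute for output
// encoding, because the same stored value is rendered on several pages.
function is_plausible_full_name(string $fullName): bool
{
    return preg_match('/^[\p{L}\p{M}\'\- .]{1,80}$/u', $fullName) === 1;
}

// Harden the session cookie so a script that does run cannot read it.
// Call before session_start().
function harden_session_cookie(): void
{
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_samesite', 'Lax');
}

// Self-check from the command line: php xss_demo.php
if (PHP_SAPI === 'cli') {
    $unsafe = render_greeting_unsafe(PAYLOAD);
    $safe   = render_greeting_safe(PAYLOAD);
    echo "unsafe: $unsafe\n";
    echo "safe:   $safe\n";
    assert(str_contains($unsafe, '<img'));
    assert(!str_contains($safe, '<img'));
    assert(!is_plausible_full_name(PAYLOAD));
    assert(is_plausible_full_name("Mary-Ann O'Neil"));
}
```

Run with PHP 8 or later (str_contains). The encoded output renders the payload as visible text instead of an element, which is the fix to apply in dashboard.php, admin/customes.php and every other page that prints the stored name.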
Source: https://drive.google.com/drive/folders/18N_20KuGPjrBbvOMSfbvBIc1sMKyycH3?usp=sharing
User: VishnuDev1 (ID 63087)
Submission: 02/05/2024 14:30
Moderation: 02/06/2024 09:43 (19 hours later)
Status: Accepted
VulDB Entry: 253010
