Title | The simple and beautiful PHP shopping cart system has an XSS vulnerability. |
---|
Description | The Simple and beautiful PHP shopping cart system CMS has a cross-site scripting (XSS) vulnerability. Input variables are not protected and are written directly to the output. Attackers can construct malicious code to steal user and administrator cookies.
Vulnerable file location: /mkshope/login.php
The relevant source code:
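```
<?php
// Excerpt from /mkshope/login.php (vulnerable as reported)
if (isset($_GET['status'])) {
    $id  = $_GET['status'];
    $msg = $_GET['msg'];   // taken from the query string, never validated
?>
<strong>Error:</strong> <?php echo $msg; /* reflected without encoding */ ?>!
<?php } ?>
```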
No protection is applied to `msg`: the variable is echoed directly into the page. Script supplied in this parameter therefore runs in the browser of whoever opens the link and can be used to steal user cookies and other information. The proof-of-concept query string is as follows:
```
?status=error&msg=<script>alert(document.cookie)</script>
```
https://s1.ax1x.com/2022/08/13/vNcnHA.png
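A hardened version of the message rendering shown above, as an added example (not code from the submission or from the shopping cart project). The names `LOGIN_MESSAGES`, `e()`, `render_login_message()` and `harden_session_cookie()` are hypothetical, the message codes are constructed, and the use of PHP sessions is an assumption.

```php
<?php
// Added example: context-aware output encoding for the ?status=&msg= banner.

// Hypothetical fixed messages keyed by short codes (constructed values).
// Passing a code instead of free text keeps request data out of the page.
const LOGIN_MESSAGES = [
    'bad_credentials' => 'Invalid username or password',
    'locked'          => 'Account is locked',
];

// HTML-encode for element and quoted-attribute context.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the error banner from the query parameters ($_GET in production).
function render_login_message(array $query): string {
    $status = $query['status'] ?? null;
    if ($status !== 'error') {
        return '';                       // unknown or missing status: render nothing
    }
    $msg = $query['msg'] ?? '';
    if (!is_string($msg)) {
        $msg = '';                       // ?msg[]=x arrives as an array
    }
    // Prefer a fixed message; anything else is still encoded before output.
    $text = LOGIN_MESSAGES[$msg] ?? $msg;
    return '<strong>Error:</strong> ' . e($text) . '!';
}

// Defence in depth, assuming the application uses PHP sessions (PHP >= 7.3):
// keep the session cookie unreadable from document.cookie.
// Call before session_start().
function harden_session_cookie(): bool {
    return session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
}

// Constructed inputs: the query string reported above, a known code, an array.
$samples = [
    ['status' => 'error', 'msg' => '<script>alert(document.cookie)</script>'],
    ['status' => 'error', 'msg' => 'bad_credentials'],
    ['status' => 'error', 'msg' => ['x']],
];
foreach ($samples as $q) {
    echo render_login_message($q), PHP_EOL;
}
```

With this rendering the reported query string is displayed as inert text, because `<`, `>` and quotes are emitted as HTML entities.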
Source link
https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
---|
Source | ⚠️ https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
---|
User | qidian (ID 30810) |
---|
Submission | 08/14/2022 11:36 (2 years ago) |
---|
Moderation | 08/14/2022 12:31 (55 minutes later) |
---|
Status | Accepted |
---|
VulDB Entry | 206401 |
---|