| عنوان | Online Computer and Laptop Store There is a storage type cross site scripting attack at the brand name |
|---|
| الوصف | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In the backend of the system, brand names can be added, but user input is not verified here, and special matches are not escaped or filtered. When entering the following string, the JavaScript code will be executed. It should be noted that this will affect everyone using the system! Because after the user logs in to the system, the left column on the homepage is where the brand name is rendered. When the user logs in and accesses the system homepage, they will directly execute an XSS vulnerability, which is persistent. |
|---|
| المصدر | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/5-%20There%20is%20a%20storage%20type%20cross%20site%20scripting%20attack%20at%20the%20brand%20name.pdf |
|---|
| المستخدم | muzishouchen (UID 36418) |
|---|
| ارسال | 11/04/2023 06:00 PM (3 سنوات منذ) |
|---|
| الاعتدال | 11/04/2023 06:41 PM (40 minutes later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 225536 [SourceCodester Online Computer and Laptop Store 1.0 brand Brand Name البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|