إرسال #264604: codeastro.com Web Application 1.0 Cross-Site Scripting (XSS)المعلومات

عنوانcodeastro.com Web Application 1.0 Cross-Site Scripting (XSS)
الوصفVulnerability Report: Introduction: This document provides details on the identification and assessment of a Cross-Site Scripting (XSS) vulnerability discovered in the Simple Banking System. System Overview: Project Name: Simple Banking System Vulnerability Type: Cross-site Scripting (XSS) Project Link: https://codeastro.com/simple-banking-system-in-php-with-source-code/ Description: A Cross-Site Scripting (XSS) vulnerability has been identified in the "createuser.php" page of the Simple Banking System. The vulnerability allows an attacker to inject and execute arbitrary scripts in the user's browser. Impact Assessment: Potential Impact: The XSS vulnerability enables an attacker to execute malicious scripts, leading to potential unauthorized access, data theft, or other malicious activities. Severity: High Mitigation Steps: Input Validation: Implement robust input validation to sanitize user inputs effectively. Output Encoding: Apply proper output encoding to prevent the execution of injected scripts. Content Security Policy (CSP): Enforce a strict Content Security Policy to mitigate XSS risks. Reproduction Steps: Access the following URL: http://192.168.50.83/SimpleBankingSystem-PHP/createuser.php Input the payload <img src=1 href=1 onerror="javascript:alert(1)"></img> in relevant fields. Submit the form. Observe the execution of the payload, confirming the presence of the XSS vulnerability. Researcher: Name: ABHISHEK K A Contact: [email protected] Role: Cybersecurity Researcher Project Details: Project Name: Simple Banking System Vulnerability Type: Cross-site Scripting (XSS) Payload: <img src=1 href=1 onerror="javascript:alert(1)"></img> Input Parameter: http://192.168.50.83/SimpleBankingSystem-PHP/createuser.php Discovery Date: 08/01/2024 Source of Project: Obtained from codeastro.com Your Commitment: Responsible disclosure is committed, and the researcher will not publicly disclose the vulnerability until it has been appropriately addressed. Contact Information: Preferred Communication Method: [email protected] Timeline: Discovery Date: 08/01/2024
المصدر⚠️ https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing
المستخدم ABHISHEK K.A (UID 61005)
ارسال09/01/2024 07:38 AM (3 سنوات منذ)
الاعتدال11/01/2024 01:22 PM (2 days later)
الحالةتمت الموافقة
إدخال VulDB250442 [CodeAstro Online Food Ordering System 1.0 dishes.php res_id البرمجة عبر المواقع]
النقاط20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!