| عنوان | code-projects Simple Online Hotel Reservation System 1.0 Cross site scripting |
|---|
| الوصف | 1. Access the reservation link and identify vulnerable input fields (Firstname and Lastname).
2. Capture the request in BurpSuite to bypass initial payload rejection.
3. Insert XSS payload (<script>alert(1)</script>) in either field and send the request.
4. Reservation details, visible only to administrators, trigger the payload upon viewing.
5. Blind XSS payload can lead to stealing admin cookies for account takeover. |
|---|
| المصدر | ⚠️ https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing |
|---|
| المستخدم | mallutrojan (UID 60819) |
|---|
| ارسال | 11/01/2024 07:59 PM (2 سنوات منذ) |
|---|
| الاعتدال | 12/01/2024 03:15 PM (19 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 250618 [code-projects Simple Online Hotel Reservation System 1.0 Make a Reservation Page add_reserve.php Firstname/Lastname البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|