| Title | SourceCodester Online Food Ordering System v2 2 Cross Site Scripting |
|---|
| Description | Vulnerability Description: Stored XSS Vulnerability in the Create New Account Form in the Online Food Ordering System v2 Allows a Remote Attacker to Inject or Store Arbitrary Code via the First Name and Last Name Fields.
Payload used: "><script src=data:,alert("Stored XSS")//
Attack Type: Remote
Impact: Code Execution
Affected Component(s): Online Food Ordering System v2 web interface
Attack Vector(s): An attacker could use the First Name and Last Name fields of the Create New Account form to inject or store arbitrary code.
Discover(s) Credits: Varshil
Steps:
1) Go to hxxp://TARGET[.]SITE, Click on Login then Click on Create New Account
2) In the ‘Create New Account’ form, insert the above-mentioned payload or any other valid filter bypass XSS payload in: 1) First Name, 2) Last Name
3) It will be stored in the database, and whenever any user opens or refreshes any page, the code will be executed. |
|---|
| User | knoxpro (UID 74435) |
|---|
| Submission | 08/09/2024 08:13 PM (2 years ago) |
|---|
| Moderation | 09/09/2024 11:22 AM (15 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 276831 [SourceCodester Online Food Ordering System 2.0 Create an Account Page index.php First Name/Last Name cross site scripting] |
|---|
| Points | 17 |
|---|
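
The First Name/Last Name issue described above comes down to a stored value being written into a page without output encoding. The following PHP sketch is an added example, not code from the application or from the submitter; the function names, the `first_name` input and the ordinary sample name are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not the application's own code.

// Constructed sample: a stored first name holding the payload quoted in the report.
$storedFirstName = '"><script src=data:,alert("Stored XSS")//';

// Vulnerable pattern: the stored value is concatenated into an attribute
// unescaped, so a leading "> ends the attribute and the tag, and whatever
// follows is parsed as markup.
function render_name_field_unsafe(string $name): string
{
    return '<input type="text" name="first_name" value="' . $name . '">';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_name_field_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="first_name" value="' . $encoded . '">';
}

// Defence in depth at registration: allow-list letters, combining marks,
// spaces, dots, apostrophes and hyphens, capped at 64 characters.
// This supplements output encoding; it does not replace it.
function is_plausible_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'-]{0,63}$/u', $name) === 1;
}

// Show both renderings of the stored value so the difference is visible
// in the page source.
echo render_name_field_unsafe($storedFirstName), PHP_EOL;
echo render_name_field_safe($storedFirstName), PHP_EOL;

// Run the reported payload and a constructed ordinary name through the
// registration check.
var_dump(is_plausible_name($storedFirstName));
var_dump(is_plausible_name("Anne-Marie O'Neil"));
```

Encoding has to be applied wherever the names are written into a page, because values already stored in the database stay unsafe until they are cleaned or re-encoded on output.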