إرسال #43182: Student-Admission CMS exist Cross-site scripting Vulnerabilityالمعلومات

عنوانStudent-Admission CMS exist Cross-site scripting Vulnerability
الوصفStudent-Admission CMS exist Cross-site scripting Vulnerability .The input variables are not protected and output is directly output. Attackers can construct malicious code to steal user and administrator cookies. Vulnerability file location:/admin/edit.php look at this source code ``` <?php print $_GET['eid'].', Name: '.$row["sname"]; ?>'s information</h3> ``` There is no protection for the eid here. The `eid` variable is directly output here. Here we can insert XSS statements to steal user cookies and other information. The construction statement is as follows ``` a=edit&eid=<script>alert(document.cookie)</script> ``` https://img-blog.csdnimg.cn/97f916b49a8a40fc89dd830e8ddfe19e.png Source link https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
المصدر⚠️ https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
المستخدم
 qidian (UID 30810)
ارسال10/08/2022 12:24 AM (4 سنوات منذ)
الاعتدال10/08/2022 07:31 AM (7 hours later)
الحالةتمت الموافقة
إدخال VulDB206016 [SourceCodester Simple Online Book Store System /admin/edit.php eid البرمجة عبر المواقع]
النقاط20

التالي نظرة عامة السابق

Want to know what is going to be exploited?

We predict KEV entries!