| Field | Value |
|---|---|
| Title | Online Computer and Laptop Store has Stored XSS |
| Description | The manager can inject XSS where the product name is set in the admin backend.<br>Log in with the default account password "admin/admin&123" at the URL 'http://localhost:3456/php-ocls/admin/?page=product/manage_product&id=2'.<br>Set the product name as follows:<br>Screenshot: https://camo.githubusercontent.com/bb3885d06bcbf07a61544d2c394bdb4ff8ba986619429c2988acb536bb7085f0/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313930393131342e706e67<br>Then click save:<br>Screenshot: https://camo.githubusercontent.com/ae142b98e6129c7f69295676d1ec19eb90c15dc9c12db6c29e18e45adf5ded30/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313931303636332e706e67<br>Visiting the homepage will trigger the XSS:<br>Screenshot: https://camo.githubusercontent.com/e63a04beb24984bcf8aa9134932db1bba3b43320ee351c35f7da309ac27f835a/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313931313433362e706e67<br>Screenshot: https://camo.githubusercontent.com/ac847537d1876eb83998e50118d346bb46b25dce284c3a8894d9f8a63ac02fa4/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313932363530382e706e67<br>GitHub: https://github.com/v2ish1yan/mycve/blob/main/ocls.md |
| Source | https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html |
| User | v2ish1yan (UID 44333) |
| Submission | 04.04.2023 13:36 (3 years ago) |
| Moderation | 05.04.2023 07:58 (18 hours later) |
| Status | Accepted |
| VulDB Entry | 224996 [SourceCodester Online Computer and Laptop Store 1.0 manage_product&id=2 Product Name Cross Site Scripting] |
| Points | 20 |
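The pattern behind this finding, as an added illustration that is not code from the application or from the submitter: a product name saved through the admin backend is later written into the storefront HTML without output encoding, so whatever the manager stored runs in every visitor's browser. The function and variable names below are assumptions, not the application's actual code, and the product name is a constructed sample, not the payload shown in the screenshots.

```php
<?php
// Added example, not the application's own code. All names here are hypothetical.

// Constructed sample: the kind of value a privileged user could save as a product name.
$stored_product_name = 'Laptop <img src=x onerror="alert(document.cookie)">';

// Vulnerable pattern: the stored value is concatenated straight into the HTML,
// so markup and event handlers in the name become part of the page.
function render_product_card_unsafe(string $name): string
{
    return '<div class="product"><h3>' . $name . '</h3></div>';
}

// Hardened pattern: HTML-encode at output time. ENT_QUOTES also encodes single and
// double quotes, so the same helper is safe inside attribute values; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string, which would silently
// blank the field and hide the problem.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_product_card_safe(string $name): string
{
    return '<div class="product"><h3>' . e($name) . '</h3></div>';
}

// The unsafe renderer emits the <img> tag verbatim; the safe one emits the same
// characters as entities, so the browser shows them as text and executes nothing.
echo render_product_card_unsafe($stored_product_name), PHP_EOL;
echo render_product_card_safe($stored_product_name), PHP_EOL;
```

Two points worth keeping in mind when triaging this class of report: the injection point sits behind the admin login, so the impact is that a compromised or malicious manager account can run script against every storefront visitor, and the fix belongs at render time (encode for the HTML context the value lands in) rather than in input filtering, since the same stored name may be emitted in several contexts. A Content-Security-Policy that disallows inline script is a reasonable second layer but does not replace the encoding.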