| Field | Value |
|---|---|
| Title | Project Worlds Visitor Management System unknown reflected Cross-Site Scripting (XSS) at dataset.php |
| Source | https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4 |
| User | torada (UID 61170) |
| Submission | 14.01.2024 20:12 (2 years ago) |
| Moderation | 17.01.2024 15:02 (3 days later) |
| Status | Accepted |
| VulDB Entry | 251376 [Project Worlds Visitor Management System 1.0 URL dataset.php Name Cross Site Scripting] |
| Points | 17 |

### Description

The Visitor Management System developed by Project Worlds contains a reflected Cross-Site Scripting (XSS) vulnerability. It allows an attacker to inject script into a page served by the application, potentially leading to unauthorized access, data theft, or other security breaches.

The application does not validate or encode the user input received through the URL parameter **`name`** before reflecting it into the page. As a result, an attacker can inject markup that executes arbitrary JavaScript in the context of the victim's browser.

### Proof of Concept

To demonstrate the issue, an attacker crafts a URL carrying the payload in the `name` parameter:

1. Access the vulnerable page with the crafted URL:
   https://localhost/Visitor%20Management%20System%20in%20PHP/datetest.php?name="><script>alert('torada')</script>
2. When the page loads, the injected script triggers an alert with the message 'torada', confirming that the parameter is reflected without encoding.

Project link: https://projectworlds.in/visitor-management-system-in-php-and-mysql/
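As an added illustration (not code from the Project Worlds project), the following PHP shows the unsafe reflection pattern the description refers to beside an output-encoded version. The function names, the form markup and the CSP header are assumptions for the example; the affected script itself is not reproduced here.

```php
<?php
// Added example, not the Project Worlds code. The payload in the advisory
// begins with "> because the parameter is reflected inside an attribute
// value: the quote closes the attribute, the > closes the tag, and whatever
// follows is parsed as page content.

declare(strict_types=1);

// UNSAFE (the pattern the advisory describes): the raw query parameter is
// concatenated straight into the HTML attribute with no encoding.
function render_unsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// SAFE: encode for the HTML attribute context. ENT_QUOTES encodes both
// quote styles, ENT_SUBSTITUTE replaces invalid UTF-8 instead of silently
// returning an empty string, and the charset is stated explicitly.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $name): string
{
    return '<input type="text" name="name" value="' . e($name) . '">';
}

// Defence in depth (assumed policy, adjust to the application's needs):
// a Content-Security-Policy without 'unsafe-inline' stops inline script
// even if one encoding site is missed. Must be sent before any output.
function send_csp(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Only accept a scalar string; $_GET['name'] can also arrive as an array
// (name[]=...), which must not reach the renderer.
$raw  = $_GET['name'] ?? '';
$name = is_string($raw) ? $raw : '';

send_csp();
echo render_safe($name), PHP_EOL;
```

Encoding is applied at the output site rather than on input, so the same stored value can later be emitted safely into other contexts (JavaScript, URLs) with the encoder appropriate to each.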