| Title | Codeastro Internet Banking System in PHP 1 Cross-Site Scripting |
|---|
| Description | Project Name: Internet Banking System in PHP
Vendor: codeastro.com
Project Link: [Internet Banking System](https://codeastro.com/internet-banking-system-in-php-with-source-code/)
Vulnerability Type: Cross-site Scripting
Affected Parameter: http://localhost/InternetBanking-PHP/client/pages_dashboard.php
Severity: Medium
Description:
The Internet Banking System is vulnerable to a cross-site scripting attack in pages_dashboard.php when an attacker enters a script payload in the “Client Full Name” field on the pages_client_signup.php page. The alert triggers when the user logs in.
Exploited Parameter:
- Client Full Name Field at pages_client_signup.php
Payloads Used:
`<script>alert("Vulnerable")</script>`
Recommendations:
1. *Input Validation:* Implement strict input validation to prevent XSS injection.
2. *Update System:* Keep the Real Estate Management System, PHP, and server components up-to-date with the latest security patches.
3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. *Education:* Train developers on secure coding practices, emphasizing input validation and secure database handling.
Timeline:
- Discovery Date: [19/01/2024]
|
|---|
| Source | ⚠️ https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing |
|---|
| User | Mohammed Aashique (UID 62025) |
|---|
| Submission | 19.01.2024 18:18 (2 years ago) |
|---|
| Moderation | 21.01.2024 17:18 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 251677 [CodeAstro Internet Banking System 1.0 pages_client_signup.php Client Full Name Cross Site Scripting] |
|---|
| Points | 20 |
|---|
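
The stored-XSS path described in the submission (a value saved from the "Client Full Name" field and later rendered on the dashboard) is closed by validating at signup and HTML-encoding at output. The following is an added example, not code from the CodeAstro project; the helper names `validate_full_name` and `e`, the allowed-character policy, and the `<h1>` markup are assumptions made for illustration.

```php
<?php
// Added illustration; not the project's own code. Helper names are hypothetical.
declare(strict_types=1);

/**
 * Signup side: accept only characters expected in a personal name.
 * Returns the trimmed name, or null if the value must be rejected.
 */
function validate_full_name(string $raw): ?string
{
    $name = trim($raw);
    // Letters of any script, combining marks, space, dot, apostrophe, hyphen; 1 to 100 chars.
    if (preg_match('/^[\p{L}\p{M} .\'\-]{1,100}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Dashboard side: encode for an HTML text context on every output.
 * This is the control that still holds for rows stored before validation existed.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one ordinary name and the payload quoted in the report.
$samples = [
    'Jane O\'Neil-Smith',
    '<script>alert("Vulnerable")</script>',
];

foreach ($samples as $submitted) {
    $accepted = validate_full_name($submitted);
    printf("submitted:         %s\n", $submitted);
    printf("signup validation: %s\n", $accepted === null ? 'rejected' : 'accepted');

    // Before: the stored value is echoed as-is, so markup in it reaches the browser.
    printf("unencoded output:  <h1>Welcome, %s</h1>\n", $submitted);

    // After: the same value is encoded, so the browser shows it as text.
    printf("encoded output:    <h1>Welcome, %s</h1>\n\n", e($submitted));
}
```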