| Field | Value |
|---|---|
| Title | sourcecodester Computer Laboratory Management System 1.0 stored XSS |
| Description | The provided code contains a Cross-Site Scripting (XSS) vulnerability due to inadequate validation and sanitization of user input. Specifically, the registration() method within the Users class lacks proper filtering of user-supplied data before incorporating it into SQL queries. This flaw enables an attacker to inject malicious scripts, such as JavaScript code, into the application. Exploiting this vulnerability allows attackers to execute arbitrary code within the context of an administrator's session. An attacker can craft a payload containing a malicious script and submit it through user input fields like firstname, middlename, lastname, or username. Upon viewing the user list, the injected script executes, leading to XSS attacks. This vulnerability poses significant risks, including data theft, session hijacking, and application defacement. |
| Source | https://github.com/Sospiro014/zday1/blob/main/xss_1.md |
| User | SoSPiro (UID 67134) |
| Submission | 01.04.2024 12:52 (2 years ago) |
| Moderation | 01.04.2024 19:42 (7 hours later) |
| Status | Accepted |
| VulDB Entry | 258915 [SourceCodester Computer Laboratory Management System 1.0 Users.php?f=save middlename Cross Site Scripting] |
| Points | 20 |