| Titel | SourceCodester PHP CRUD using PDO Connection with Free Source Code 1.0 Cross Site Scripting |
|---|
| Beschreibung | I would like to report a XSS injection vulnerability I discovered in the sourcecodester of the PHP CRUD using PDO Connection with Free Source Code during my testing.
Details:
Affected URL/Endpoint: /basic-crud/endpoint/add.php, /basic-crud/endpoint/update.php
Vulnerable Parameter: first_name, middle_name, last_name
Risk Level: High (allows malicious users to execute arbitrary SQL queries)
Steps to reproduce:
1) Click on Add or update button.
2) Use a proxy like burpsuite to intercept the "add" or "update request.
3) Input the payload to invoke the XSS injection.
---
table=tbl_customer&tbl_person_id=&first_name=%3Ch2%3Etest%3C%2Fh2%3E&middle_name=%3Ch2%3Etest%3C%2Fh2%3E&last_name=%3Ch2%3Etest%3C%2Fh2%3E
---
Please let me know if you need further information or a more detailed analysis. |
|---|
| Benutzer | Delvy (UID 74555) |
|---|
| Einreichung | 06.09.2024 12:58 (vor 2 Jahren) |
|---|
| Moderieren | 06.09.2024 23:36 (11 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 276783 [SourceCodester PHP CRUD 1.0 /endpoint/update.php first_name/middle_name/last_name Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|