Submit #404660: SourceCodester Online Food Ordering System v2 2 Cross Site Scripting

Title: SourceCodester Online Food Ordering System v2 2 Cross Site Scripting

Description:

Vulnerability Description: A stored XSS vulnerability in the Create New Account form of the Online Food Ordering System v2 allows a remote attacker to inject or store arbitrary code via the First Name and Last Name fields.

Payload used: "><script src=data:&comma;alert("Stored XSS")//

Attack Type: Remote

Impact: Code Execution

Affected Component(s): Online Food Ordering System v2 web interface

Attack Vector(s): The First Name and Last Name fields of the Create New Account form allow a remote attacker to inject or store arbitrary code.

Discoverer(s)/Credits: Varshil

Steps:
1) Go to hxxp://TARGET[.]SITE, click on Login, then click on Create New Account.
2) In the ‘Create New Account’ form, insert the above-mentioned payload or any other valid filter bypass XSS payload in: 1) First Name, 2) Last Name.
3) It will be stored in the database, and whenever any user opens or refreshes any page, the code will be executed.
User: knoxpro (UID 74435)
Submission: 08.09.2024 20:13 (2 years ago)
Moderation: 09.09.2024 11:22 (15 hours later)
Status: Accepted
VulDB entry: 276831 [SourceCodester Online Food Ordering System 2.0 Create an Account Page index.php First Name/Last Name Cross Site Scripting]
Points: 17
