Submit #43182: Student-Admission CMS exist Cross-site scripting Vulnerabilityinfo

TitelStudent-Admission CMS exist Cross-site scripting Vulnerability
BeschreibungStudent-Admission CMS exist Cross-site scripting Vulnerability .The input variables are not protected and output is directly output. Attackers can construct malicious code to steal user and administrator cookies. Vulnerability file location:/admin/edit.php look at this source code ``` <?php print $_GET['eid'].', Name: '.$row["sname"]; ?>'s information</h3> ``` There is no protection for the eid here. The `eid` variable is directly output here. Here we can insert XSS statements to steal user cookies and other information. The construction statement is as follows ``` a=edit&eid=<script>alert(document.cookie)</script> ``` https://img-blog.csdnimg.cn/97f916b49a8a40fc89dd830e8ddfe19e.png Source link https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
Quelle⚠️ https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
Benutzer
 qidian (UID 30810)
Einreichung10.08.2022 00:24 (vor 4 Jahren)
Moderieren10.08.2022 07:31 (7 hours later)
StatusAkzeptiert
VulDB Eintrag206016 [SourceCodester Simple Online Book Store System /admin/edit.php eid Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Might our Artificial Intelligence support you?

Check our Alexa App!