| Titel | Cashier Queuing System v1.0 - Stored XSS |
|---|
| Beschreibung | Description: A Stored XSS in Cashier Queuing System v1.0 leads to Arbitrary JavaScript code injection in User Creation.
Vulnerable Parameters:
Name
Username
Payload:
<script>prompt(1)</script>
Steps:
1) Login into admin account
2) Now go to User list and in that click on "Add New"
3) Now create a user but in name and username put your payload
Payload: <script>prompt(1)</script>
4) Save the users and refresh the page and our payload has been executed |
|---|
| Benutzer | Hackpk (UID 33860) |
|---|
| Einreichung | 17.10.2022 17:07 (vor 4 Jahren) |
|---|
| Moderieren | 18.10.2022 11:30 (18 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 211187 [SourceCodester Cashier Queuing System 1.0.1 User Creation Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|