| Titel | Cashier Queuing System v1.0 - Persistent XSS in Cashier Creation |
|---|
| Beschreibung | Description: A Persistent XSS in Cashier Queuing System v1.0 allows to inject Arbitrary JavaScript in new Cashier Creation.
Parameters:
Name
Payload:
<script>alert(document.domain)</script>
Steps:
1) Login into admin account
2) Now go to "Cashiers" tab and add a new cashier
3) Now in that "Name" parameter put the payload
Payload: <script>alert(document.domain)</script>
4) Now save the file and refresh the page and our payload has been executed |
|---|
| Benutzer | Hactron777 (UID 33897) |
|---|
| Einreichung | 17.10.2022 17:21 (vor 4 Jahren) |
|---|
| Moderieren | 18.10.2022 11:31 (18 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 211188 [SourceCodester Cashier Queuing System 1.0 Cashiers Tab Name Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|