| Título | Online Computer and Laptop Store There is a storage type cross site scripting attack at the brand name |
|---|
| Descripción | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In the backend of the system, brand names can be added, but user input is not verified here, and special matches are not escaped or filtered. When entering the following string, the JavaScript code will be executed. It should be noted that this will affect everyone using the system! Because after the user logs in to the system, the left column on the homepage is where the brand name is rendered. When the user logs in and accesses the system homepage, they will directly execute an XSS vulnerability, which is persistent. |
|---|
| Fuente | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/5-%20There%20is%20a%20storage%20type%20cross%20site%20scripting%20attack%20at%20the%20brand%20name.pdf |
|---|
| Usuario | muzishouchen (UID 36418) |
|---|
| Sumisión | 2023-04-11 18:00 (hace 3 años) |
|---|
| Moderación | 2023-04-11 18:41 (40 minutes later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 225536 [SourceCodester Online Computer and Laptop Store 1.0 brand Brand Name secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|