Submit #270344: Codeastro Internet Banking System in PHP 1 Cross-Site Scripting

Title: Codeastro Internet Banking System in PHP 1 Cross-Site Scripting
Description:

Project Name: Internet Banking System in PHP
Vendor: codeastro.com
Project Link: [Internet Banking System](https://codeastro.com/internet-banking-system-in-php-with-source-code/)
Vulnerability Type: Cross-site Scripting
Affected Parameter: http://localhost/InternetBanking-PHP/client/pages_dashboard.php
Severity: Medium

Description: The Internet Banking System is vulnerable to a cross-site scripting attack in pages_dashboard.php when an attacker enters a script payload in the “Client Full Name” field on the pages_client_signup.php page. The alert triggers when the user logs in.

Exploited Parameter:
- Client Full Name field at pages_client_signup.php

Payloads Used: <script>alert(“Vulnerable”)</script>

Recommendations:
1. *Input Validation:* Implement strict input validation to prevent XSS injection.
2. *Update System:* Keep the Real Estate Management System, PHP, and server components up-to-date with the latest security patches.
3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. *Education:* Train developers on secure coding practices, emphasizing input validation and secure database handling.

Timeline:
- Discovery Date: [19/01/2024]
Source: ⚠️ https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing
User: Mohammed Aashique (UID 62025)
Submission: 2024-01-19 18:18 (2 years ago)
Moderation: 2024-01-21 17:18 (2 days later)
Status: Accepted
VulDB Entry: 251677 [CodeAstro Internet Banking System 1.0 pages_client_signup.php Client Full Name cross-site scripting]
Points: 20
