Enviar #271176: Codeastro Online Railway Reservation System 1 Cross-Site Scriptinginformación

TítuloCodeastro Online Railway Reservation System 1 Cross-Site Scripting
DescripciónProject Name: Online Railway Reservation System in PHP Vendor: codeastro.com Project Link: [Online Railway Reservation System]( https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/) Vulnerability Type: Multiple Cross-site Scripting Affected Parameter: http://localhost/ORRS-PHP/pass-profile.php Severity: Medium Description: The Online Railway Reservation System is vulnerable to multiple cross-site scripting attack in pass-profile.php when an attacker enters a script payload in the “First Name”, “Last Name”, “User Name” field at pass-signup.php page. When the user login the alert prompt will be popping up at pass-dashboard.php. Next if the user visit pass-profile.php multiple cross-site scripting alert will be popping up. Exploited Parameter: - Client First Name, Last Name, User Name Fields at pass-profile.php Payloads Used: <script>alert(“First_Name”)</script> <script>alert(“Last_Name”)</script> <script>alert(“Username_Name”)</script> Recommendations: 1. *Input Validation:* Implement strict input validation to prevent XSS injection. 2. *Update System:* Keep the Online Railway Reservation System, PHP, and server components up-to-date with the latest security patches. 3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities. 4. *Education:* Train application developers on secure coding practices, emphasizing input validation and secure database handling. Timeline: - Discovery Date: [22/01/2024]
Fuente⚠️ https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing
Usuario
 Mohammed Aashique (UID 62025)
Sumisión2024-01-22 05:58 (hace 2 años)
Moderación2024-01-22 12:08 (6 hours later)
EstadoAceptado
Entrada de VulDB251698 [CodeAstro Online Railway Reservation System 1.0 pass-profile.php First Name/Last Name/User Name secuencias de comandos en sitios cruzados]
Puntos20

Do you know our Splunk app?

Download it now for free!