Soumettre #264604: codeastro.com Web Application 1.0 Cross-Site Scripting (XSS)information

Titrecodeastro.com Web Application 1.0 Cross-Site Scripting (XSS)
DescriptionVulnerability Report: Introduction: This document provides details on the identification and assessment of a Cross-Site Scripting (XSS) vulnerability discovered in the Simple Banking System. System Overview: Project Name: Simple Banking System Vulnerability Type: Cross-site Scripting (XSS) Project Link: https://codeastro.com/simple-banking-system-in-php-with-source-code/ Description: A Cross-Site Scripting (XSS) vulnerability has been identified in the "createuser.php" page of the Simple Banking System. The vulnerability allows an attacker to inject and execute arbitrary scripts in the user's browser. Impact Assessment: Potential Impact: The XSS vulnerability enables an attacker to execute malicious scripts, leading to potential unauthorized access, data theft, or other malicious activities. Severity: High Mitigation Steps: Input Validation: Implement robust input validation to sanitize user inputs effectively. Output Encoding: Apply proper output encoding to prevent the execution of injected scripts. Content Security Policy (CSP): Enforce a strict Content Security Policy to mitigate XSS risks. Reproduction Steps: Access the following URL: http://192.168.50.83/SimpleBankingSystem-PHP/createuser.php Input the payload <img src=1 href=1 onerror="javascript:alert(1)"></img> in relevant fields. Submit the form. Observe the execution of the payload, confirming the presence of the XSS vulnerability. Researcher: Name: ABHISHEK K A Contact: [email protected] Role: Cybersecurity Researcher Project Details: Project Name: Simple Banking System Vulnerability Type: Cross-site Scripting (XSS) Payload: <img src=1 href=1 onerror="javascript:alert(1)"></img> Input Parameter: http://192.168.50.83/SimpleBankingSystem-PHP/createuser.php Discovery Date: 08/01/2024 Source of Project: Obtained from codeastro.com Your Commitment: Responsible disclosure is committed, and the researcher will not publicly disclose the vulnerability until it has been appropriately addressed. Contact Information: Preferred Communication Method: [email protected] Timeline: Discovery Date: 08/01/2024
La source⚠️ https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing
Utilisateur ABHISHEK K.A (UID 61005)
Soumission09/01/2024 07:38 (il y a 3 ans)
Modérer11/01/2024 13:22 (2 days later)
StatutAccepté
Entrée VulDB250442 [CodeAstro Online Food Ordering System 1.0 dishes.php res_id cross site scripting]
Points20

Interested in the pricing of exploits?

See the underground prices here!