Soumettre #271176: Codeastro Online Railway Reservation System 1 Cross-Site Scriptinginformation

TitreCodeastro Online Railway Reservation System 1 Cross-Site Scripting
DescriptionProject Name: Online Railway Reservation System in PHP Vendor: codeastro.com Project Link: [Online Railway Reservation System]( https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/) Vulnerability Type: Multiple Cross-site Scripting Affected Parameter: http://localhost/ORRS-PHP/pass-profile.php Severity: Medium Description: The Online Railway Reservation System is vulnerable to multiple cross-site scripting attack in pass-profile.php when an attacker enters a script payload in the “First Name”, “Last Name”, “User Name” field at pass-signup.php page. When the user login the alert prompt will be popping up at pass-dashboard.php. Next if the user visit pass-profile.php multiple cross-site scripting alert will be popping up. Exploited Parameter: - Client First Name, Last Name, User Name Fields at pass-profile.php Payloads Used: <script>alert(“First_Name”)</script> <script>alert(“Last_Name”)</script> <script>alert(“Username_Name”)</script> Recommendations: 1. *Input Validation:* Implement strict input validation to prevent XSS injection. 2. *Update System:* Keep the Online Railway Reservation System, PHP, and server components up-to-date with the latest security patches. 3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities. 4. *Education:* Train application developers on secure coding practices, emphasizing input validation and secure database handling. Timeline: - Discovery Date: [22/01/2024]
La source⚠️ https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing
Utilisateur
 Mohammed Aashique (UID 62025)
Soumission22/01/2024 05:58 (il y a 2 ans)
Modérer22/01/2024 12:08 (6 hours later)
StatutAccepté
Entrée VulDB251698 [CodeAstro Online Railway Reservation System 1.0 pass-profile.php First Name/Last Name/User Name cross site scripting]
Points20

Do you know our Splunk app?

Download it now for free!