| Titre | Codeastro Online Railway Reservation System 1 Cross-Site Scripting |
|---|
| Description | Project Name: Online Railway Reservation System in PHP
Vendor: codeastro.com
Project Link: [Online Railway Reservation System]( https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/)
Vulnerability Type: Multiple Cross-site Scripting
Affected Parameter: http://localhost/ORRS-PHP/pass-profile.php
Severity: Medium
Description:
The Online Railway Reservation System is vulnerable to multiple cross-site scripting attack in pass-profile.php when an attacker enters a script payload in the “First Name”, “Last Name”, “User Name” field at pass-signup.php page. When the user login the alert prompt will be popping up at pass-dashboard.php. Next if the user visit pass-profile.php multiple cross-site scripting alert will be popping up.
Exploited Parameter:
- Client First Name, Last Name, User Name Fields at pass-profile.php
Payloads Used:
<script>alert(“First_Name”)</script>
<script>alert(“Last_Name”)</script>
<script>alert(“Username_Name”)</script>
Recommendations:
1. *Input Validation:* Implement strict input validation to prevent XSS injection.
2. *Update System:* Keep the Online Railway Reservation System, PHP, and server components up-to-date with the latest security patches.
3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. *Education:* Train application developers on secure coding practices, emphasizing input validation and secure database handling.
Timeline:
- Discovery Date: [22/01/2024] |
|---|
| La source | ⚠️ https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing |
|---|
| Utilisateur | Mohammed Aashique (UID 62025) |
|---|
| Soumission | 22/01/2024 05:58 (il y a 2 ans) |
|---|
| Modérer | 22/01/2024 12:08 (6 hours later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 251698 [CodeAstro Online Railway Reservation System 1.0 pass-profile.php First Name/Last Name/User Name cross site scripting] |
|---|
| Points | 20 |
|---|