जमा करें #274334: Source Coder Facebook News Feed Like using PHP/MySQL with Source Code v1.0 XSS ( Cross site scripting in update profile)जानकारी

शीर्षकSource Coder Facebook News Feed Like using PHP/MySQL with Source Code v1.0 XSS ( Cross site scripting in update profile)
विवरण# Exploit Title: Facebook News Feed Like using PHP/MySQL with Source Code Stored XSS in "Update profile" # Exploit Author: Ritik Dewan # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Software Link: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Version: v1.0 # Tested on: Windows 11, Apache Description: A multiple stored XSS in update profile in Facebook News Feed Like using PHP/MySQL with Source Code v1.0 allows an attacker to input arbitrary JavaScript code into those vulnerable parameters. Vulnerable Parameters: First Name Last Name Payload: <script>alert(1)</script> Steps: 1)Create a new account. 2) Now enter the required details , after doing this your account has been created and you will redirected to dashboard. 3) Go to my profile now in parameters "First Name" and "Last Name" put your payload and save it. Payload: <script>alert(1)</script> 4) Now save the user profile and our payload has been executed.
उपयोगकर्ता
 dewanritik (UID 33804)
सबमिशन28/01/2024 03:45 PM (2 साल पहले)
संयम29/01/2024 12:03 PM (20 hours later)
स्थितिस्वीकृत
VulDB प्रविष्टि252292 [SourceCodester Facebook News Feed Like 1.0 New Account First Name/Last Name क्रॉस साइट स्क्रिप्टिंग]
अंक17

Do you need the next level of professionalism?

Upgrade your account now!