| शीर्षक | online-banking-system web 1 xss vulnerability |
|---|
| विवरण | A discussion about an XSS vulnerability in an online banking system, focusing on a specific XSS flaw: - Root cause of the vulnerability: In the /net-banking/customer_add_action.php file, user input variables (such as $sql1, $sql4) and database error information ($conn->error) are not HTML-escaped and are output directly to the HTML page, leading to an XSS vulnerability;- How to trigger the vulnerability: On the /customer_add.php page, entering <script>alert(1)</script> in input fields such as "First Name" will, if a database error occurs upon submission, trigger an XSS alert. |
|---|
| स्रोत | ⚠️ https://github.com/mhszed/Report/blob/main/online-banking-system-mastercustomer_home.php%20xss1.docx |
|---|
| उपयोगकर्ता | mahushuai (UID 91047) |
|---|
| सबमिशन | 28/09/2025 11:00 AM (8 महीनों पहले) |
|---|
| संयम | 05/10/2025 05:39 PM (7 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 327216 [langleyfcu Online Banking System तक 57437e6400ce0ae240e692c24e6346b8d0c17d7a Add Customer Page /customer_add_action.php First Name क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|