| Title | Codeastro Restaurant POS System 1.0 Stored Cross-Site Scripting |
|---|
| Description |
The Restaurant POS System is vulnerable to stored cross-site scripting in “dashboard.php”: an attacker enters a script payload in the “Full Name” field of “create_account.php”, and the XSS triggers when the user logs in to the dashboard. It also triggers at other endpoints, including “admin/customes.php”, when an administrator logs in.
Vulnerability Details
- Vulnerability Type: Stored XSS
- Affected URL: http://localhost/RestaurantPOS/Restro/customer/dashboard.php
- Affected URL: http://localhost/RestaurantPOS/Restro/admin/customes.php
- Exploited Parameter: “Full Name” field at “create_account.php”
- Payload Used: `<img src=x onerror=alert(document.cookie)>`
Recommendations:
1. Input Validation: Implement strict input validation to prevent XSS injection.
2. Update System: Keep the Restaurant POS System, PHP, and server components up to date with the latest security patches.
3. Security Audits: Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. Education: Train the application developers in secure coding practices, emphasizing input validation and secure database handling. |
|---|
| Source | ⚠️ https://drive.google.com/drive/folders/18N_20KuGPjrBbvOMSfbvBIc1sMKyycH3?usp=sharing |
|---|
| User | VishnuDev1 (UID 63087) |
|---|
| Submission | 05/02/2024 14:30 (2 years ago) |
|---|
| Moderation | 06/02/2024 09:43 (19 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 253010 [CodeAstro Restaurant POS System 1.0 create_account.php Full Name cross site scripting] |
|---|
| Points | 20 |
|---|
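The fix the recommendations point at, as an added example that is not code from the Restaurant POS System or from the submitter: validating input on create_account.php does nothing for a name that is already stored in the database, so the reliable fix is escaping the value at every output sink (dashboard.php, admin/customes.php) in the HTML context it is written into. The function and variable names below are assumptions; the application's real templates are not on the page. The sample input is the payload quoted in the report.

```php
<?php
// Added example, not the Restaurant POS System's own code. Shows the vulnerable
// echo pattern beside the hardened one for the stored "Full Name" value.
// Function names and the markup are assumptions about what the affected
// pages look like.

declare(strict_types=1);

// Escaping for HTML body and quoted-attribute context. ENT_QUOTES covers both
// quote characters, ENT_SUBSTITUTE avoids returning an empty string on invalid
// UTF-8 (which would silently drop the name instead of failing visibly).
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern (assumed to resemble dashboard.php): the stored full name
// is interpolated straight into the markup, so a stored <img onerror=...>
// payload becomes a live element and the browser runs its handler.
function renderGreetingVulnerable(string $fullName): string
{
    return "<h2>Welcome, $fullName</h2>";
}

// Hardened pattern: escape at the output sink. Angle brackets and quotes are
// entity-encoded, so the payload is displayed as literal text.
function renderGreetingSafe(string $fullName): string
{
    return '<h2>Welcome, ' . escapeHtml($fullName) . '</h2>';
}

// Same rule for the admin listing (assumed to resemble admin/customes.php):
// every place the stored value is rendered must escape it, not just one page.
function renderCustomerRowSafe(int $id, string $fullName): string
{
    return '<tr><td>' . $id . '</td><td>' . escapeHtml($fullName) . '</td></tr>';
}

// Defence in depth at create_account.php: a display name never needs markup,
// so reject markup characters and enforce a length bound. This is an
// assumption about acceptable names, and it does not replace output escaping,
// because records stored before the check was added are still rendered.
function isAcceptableFullName(string $fullName): bool
{
    $len = mb_strlen($fullName, 'UTF-8'); // mbstring extension assumed
    return $len >= 1 && $len <= 100 && preg_match('/[<>]/', $fullName) !== 1;
}

// Constructed sample input: the payload quoted in the report.
$payload = '<img src=x onerror=alert(document.cookie)>';

echo "Vulnerable output:\n", renderGreetingVulnerable($payload), "\n\n";
echo "Escaped output:\n", renderGreetingSafe($payload), "\n";
echo renderCustomerRowSafe(42, $payload), "\n\n";

echo 'Payload accepted as a name? ', isAcceptableFullName($payload) ? 'yes' : 'no', "\n";
echo 'Ordinary name accepted? ', isAcceptableFullName('Mario Rossi') ? 'yes' : 'no', "\n";
```

Run it with the PHP CLI and compare the two greeting strings: in the vulnerable one the `<img>` tag survives intact, in the escaped one it arrives as `&lt;img ... &gt;` and is shown as text. If the name is ever placed into a JavaScript string, a URL or an attribute without quotes, `htmlspecialchars` is not the right encoder for that context and a context-specific one is needed.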