Submit #43711: The simple and beautiful PHP shopping cart system has XSS vulnerability.
| Title | The simple and beautiful PHP shopping cart system has XSS vulnerability. |
|---|---|
| Description | Simple and beautiful PHP shopping cart system CMS exist Cross-site scripting Vulnerability .The input variables are not protected and output is directly output. Attackers can construct malicious code to steal user and administrator cookies. Vulnerability file location:/mkshope/login.php look at this source code ``` if (isset($_GET['status'])) { $id=$_GET['status']; $msg=$_GET['msg']; <strong>Error:</strong> <?php echo $msg; ?>! ``` There is no protection for the `msg` here. The `msg` variable is directly output here. Here we can insert XSS statements to steal user cookies and other information. The construction statement is as follows ``` ?status=error&msg=<script>alert(document.cookie)</script> ``` https://s1.ax1x.com/2022/08/13/vNcnHA.png Source link https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
| Source | ⚠️ https:/ |
| User | qidian (ID 30810) |
| Submission | 2022年08月14日 11:36 (2 years ago) |
| Moderation | 2022年08月14日 12:31 (55 minutes later) |
| Accepted | 承諾済み |
| VulDB Entry | VDB-206401 |