| タイトル | Online Computer and Laptop Store There is a storage type cross site scripting attack at the brand name |
|---|
| 説明 | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In the backend of the system, brand names can be added, but user input is not verified here, and special matches are not escaped or filtered. When entering the following string, the JavaScript code will be executed. It should be noted that this will affect everyone using the system! Because after the user logs in to the system, the left column on the homepage is where the brand name is rendered. When the user logs in and accesses the system homepage, they will directly execute an XSS vulnerability, which is persistent. |
|---|
| ソース | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/5-%20There%20is%20a%20storage%20type%20cross%20site%20scripting%20attack%20at%20the%20brand%20name.pdf |
|---|
| ユーザー | muzishouchen (UID 36418) |
|---|
| 送信 | 2023年04月11日 18:00 (3 年 ago) |
|---|
| モデレーション | 2023年04月11日 18:41 (40 minutes later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 225536 [SourceCodester Online Computer and Laptop Store 1.0 brand Brand Name クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|