提出 #264604: codeastro.com Web Application 1.0 Cross-Site Scripting (XSS)情報

タイトルcodeastro.com Web Application 1.0 Cross-Site Scripting (XSS)
説明Vulnerability Report: Introduction: This document provides details on the identification and assessment of a Cross-Site Scripting (XSS) vulnerability discovered in the Simple Banking System. System Overview: Project Name: Simple Banking System Vulnerability Type: Cross-site Scripting (XSS) Project Link: https://codeastro.com/simple-banking-system-in-php-with-source-code/ Description: A Cross-Site Scripting (XSS) vulnerability has been identified in the "createuser.php" page of the Simple Banking System. The vulnerability allows an attacker to inject and execute arbitrary scripts in the user's browser. Impact Assessment: Potential Impact: The XSS vulnerability enables an attacker to execute malicious scripts, leading to potential unauthorized access, data theft, or other malicious activities. Severity: High Mitigation Steps: Input Validation: Implement robust input validation to sanitize user inputs effectively. Output Encoding: Apply proper output encoding to prevent the execution of injected scripts. Content Security Policy (CSP): Enforce a strict Content Security Policy to mitigate XSS risks. Reproduction Steps: Access the following URL: http://192.168.50.83/SimpleBankingSystem-PHP/createuser.php Input the payload <img src=1 href=1 onerror="javascript:alert(1)"></img> in relevant fields. Submit the form. Observe the execution of the payload, confirming the presence of the XSS vulnerability. Researcher: Name: ABHISHEK K A Contact: [email protected] Role: Cybersecurity Researcher Project Details: Project Name: Simple Banking System Vulnerability Type: Cross-site Scripting (XSS) Payload: <img src=1 href=1 onerror="javascript:alert(1)"></img> Input Parameter: http://192.168.50.83/SimpleBankingSystem-PHP/createuser.php Discovery Date: 08/01/2024 Source of Project: Obtained from codeastro.com Your Commitment: Responsible disclosure is committed, and the researcher will not publicly disclose the vulnerability until it has been appropriately addressed. Contact Information: Preferred Communication Method: [email protected] Timeline: Discovery Date: 08/01/2024
ソース⚠️ https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing
ユーザー ABHISHEK K.A (UID 61005)
送信2024年01月09日 07:38 (3 年 ago)
モデレーション2024年01月11日 13:22 (2 days later)
ステータス承諾済み
VulDBエントリ250442 [CodeAstro Online Food Ordering System 1.0 dishes.php res_id クロスサイトスクリプティング]
ポイント20

Do you know our Splunk app?

Download it now for free!