| タイトル | code-projects.org Social Networking Site 1.0 Stored XSS (CROSS SITE SCRIPTING) |
|---|
| 説明 | Stored Cross-Site Scripting is a security vulnerability that arises when an attacker injects malicious
scripts into a web application, with the injected payload being stored on the server. Unlike typical
XSS attacks, where attackers directly witness the impact of their scripts, Stored XSS involves triggering
the stored payload directly, and impacting the other users.In this application the stored xss was found in http://localhost/socialsite/message.php in message option where we can message each user and it was displayed in Home page http://localhost/socialsite/home.php.When we tried xss payload it got stored and when ever a new user registers and logins stored xss will get triggered and gets executed in which attackers can use this way to steal the users cookies and session ids.The impact of stored xss can lead to the unauthorized access of sensitive data, distribution of malicious content, and compromise of user trust, potentially causing widespread damage to individuals and organizations. |
|---|
| ソース | ⚠️ https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link |
|---|
| ユーザー | harivignesh (UID 61478) |
|---|
| 送信 | 2024年01月15日 13:26 (2 年 ago) |
|---|
| モデレーション | 2024年01月19日 10:45 (4 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 251546 [code-projects Social Networking Site 1.0 Message Page message.php Story クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|