Submission #290263: SOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scripting Info

Title: SOURCECODESTER Flashcard Quiz App Using PHP and MySQL 1.0 Cross Site Scripting
Description: There is no input sanitization present when updating flashcards, making the web application vulnerable to XSS. Allows XSS by placing untrusted code on the parameters question and answer. Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters. Affected endpoint is /flashcard-quiz/endpoint/update-flashcard.php. POC and additional information is available on GitHub.
Source: ⚠️ https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFlashcard%20Quiz%20App%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20update-flashcard.php.md
User: reiginald (UID 64219)
Submitted: 2024-02-29 02:06 (2 years ago)
Moderation: 2024-03-01 08:28 (1 day later)
Status: Accepted
VulDB Entry: 255387 [SourceCodester Flashcard Quiz App 1.0 update-flashcard.php question/answer cross site scripting]
Points: 19
