提出 #344504: SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting情報

タイトルSourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting
説明# Exploit Title: Online Car Wash Booking System - Stored XSS # Exploit Author: darkrai069 # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html # Software Link: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html # Version: v1.0 # Tested on: Windows 10, Apache ` Description:- A Stored Cross-Site Scripting (XSS) vulnerability in Online Car Wash Booking System allows to inject Arbitrary JavaScript in Edit in "First Name" and "Last Name". ` Payload used:- <script>confirm (document.cookie)</script> ` Parameter":- First Name: <script>confirm (document.cookie)</script> Last Name: <script>confirm (document.cookie)</script> ` Steps to reproduce:- 1. Login into your admin account 2. Now go to http://localhost:8080/ocwbs/admin/?page=user/list and add an new user 3. In that "First Name" and " Last Name " parameter put the payload. <script>confirm (document.cookie)</script> 4. As you can see our payload has been executed.
ユーザー
 Anonymous User
送信2024年05月25日 15:19 (2 年 ago)
モデレーション2024年05月25日 20:27 (5 hours later)
ステータス承諾済み
VulDBエントリ266303 [oretnom23 Online Car Wash Booking System 1.0 /admin/?page=user/list First Name/Last Name クロスサイトスクリプティング]
ポイント17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!