| Field | Value |
|---|---|
| Title | SourceCodester PHP CRUD using PDO Connection with Free Source Code 1.0 Cross Site Scripting |
| Description | I would like to report an XSS injection vulnerability I discovered in the SourceCodester PHP CRUD using PDO Connection with Free Source Code during my testing.<br>Details:<br>Affected URL/Endpoint: /basic-crud/endpoint/add.php, /basic-crud/endpoint/update.php<br>Vulnerable Parameter: first_name, middle_name, last_name<br>Risk Level: High (allows malicious users to execute arbitrary SQL queries)<br>Steps to reproduce:<br>1) Click on the Add or Update button.<br>2) Use a proxy like Burp Suite to intercept the "add" or "update" request.<br>3) Input the payload to invoke the XSS injection:<br>`table=tbl_customer&tbl_person_id=&first_name=%3Ch2%3Etest%3C%2Fh2%3E&middle_name=%3Ch2%3Etest%3C%2Fh2%3E&last_name=%3Ch2%3Etest%3C%2Fh2%3E`<br>Please let me know if you need further information or a more detailed analysis. |
| User | Delvy (UID 74555) |
| Submitted | 2024-09-06 12:58 (2 years ago) |
| Moderation | 2024-09-06 23:36 (11 hours later) |
| Status | Accepted |
| VulDB Entry | 276783 [SourceCodester PHP CRUD 1.0 /endpoint/update.php first_name/middle_name/last_name Cross Site Scripting] |
| Points | 17 |
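As an added illustration (not code from the SourceCodester project, whose source is not shown on this page), the snippet below decodes the request body from the report the way PHP populates `$_POST`, then contrasts an assumed unsafe render of the stored name fields with an output-encoded one. The function names and the `render_row_*` structure are assumptions for the example.

```php
<?php
// Added example: why the first_name/middle_name/last_name values from the
// report become stored XSS when echoed without output encoding, and the fix.
// Request body quoted in the report, decoded as PHP does for $_POST.
$body = 'table=tbl_customer&tbl_person_id=&first_name=%3Ch2%3Etest%3C%2Fh2%3E'
      . '&middle_name=%3Ch2%3Etest%3C%2Fh2%3E&last_name=%3Ch2%3Etest%3C%2Fh2%3E';
parse_str($body, $post);   // $post['first_name'] is now '<h2>test</h2>'

// Assumed vulnerable pattern (the project's own code is not on the page):
// the stored value is concatenated straight into the customer list HTML,
// so the <h2> markup is interpreted by every browser that views the list.
function render_row_unsafe(array $row): string {
    return '<td>' . $row['first_name'] . ' ' . $row['middle_name']
         . ' ' . $row['last_name'] . '</td>';
}

// Hardened pattern: encode at the point of output so the same stored value
// is displayed as literal text. ENT_QUOTES also covers attribute contexts.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}
function render_row_safe(array $row): string {
    return '<td>' . e($row['first_name']) . ' ' . e($row['middle_name'])
         . ' ' . e($row['last_name']) . '</td>';
}

// Defence in depth on the input side (assumed policy): add.php/update.php
// only need plain person names, so reject values carrying markup before the
// INSERT/UPDATE runs. This does not replace the output encoding above.
function is_plain_name(string $s): bool {
    return $s === '' || preg_match('/^[\p{L}\p{M}\' .-]{1,64}$/u', $s) === 1;
}

echo render_row_unsafe($post), PHP_EOL;
echo render_row_safe($post), PHP_EOL;
var_dump(is_plain_name($post['first_name']));
```

Running it shows the unsafe row containing live `<h2>` tags while the safe row contains `&lt;h2&gt;` entities, and the name check rejecting the payload.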