| Title | Stored cross-site scripting vulnerability via Room/Cottage Number field on manage_room in resort reservation system |
|---|
| Description | ## Summary:
I have discovered a stored cross-site scripting vulnerability via the Room/Cottage Number field on manage_room in the resort management system.
## Vendor:
https://www.sourcecodester.com/php/16447/resort-reservation-system-php-and-sqlite3-source-code-free-download.html
## Name:
Resort management system
## Version:
v1.0
## Proof Of Concept:
1. Log in to the application and go to http://192.168.1.7/php-sqlite-rrs/?page=rooms
2. Click the add room button
3. Input [1] in the Room/Cottage Number field
4. Enter any random data in other fields
5. Save
6. Stored XSS
[1] - <script/"<a"/src=data:=".<a,[document.cookie].some(confirm)> |
|---|
| User | kr1shna4garwal (UID 49100) |
|---|
| Submitted | 2023-06-18 12:12 PM (3 years ago) |
|---|
| Moderation | 2023-06-18 01:23 PM (1 hour later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 231805 [SourceCodester Resort Reservation System 1.0 Manage Room Page ?page=rooms Cottage Number cross-site scripting] |
|---|
| Points | 17 |
|---|