| 제목 | code-projects Simple Online Hotel Reservation System 1.0 Cross site scripting |
|---|
| 설명 | 1. Access the reservation link and identify vulnerable input fields (Firstname and Lastname).
2. Capture the request in BurpSuite to bypass initial payload rejection.
3. Insert XSS payload (<script>alert(1)</script>) in either field and send the request.
4. Reservation details, visible only to administrators, trigger the payload upon viewing.
5. Blind XSS payload can lead to stealing admin cookies for account takeover. |
|---|
| 원천 | ⚠️ https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing |
|---|
| 사용자 | mallutrojan (UID 60819) |
|---|
| 제출 | 2024. 01. 11. PM 07:59 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 12. PM 03:15 (19 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 250618 [code-projects Simple Online Hotel Reservation System 1.0 Make a Reservation Page add_reserve.php Firstname/Lastname 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|