| Title | Project Worlds Visitor Management System unknown reflected Cross-Site Scripting (XSS) at dataset.php |
|---|---|
| Description | The Visitor Management System developed by Project Worlds is found to have a security vulnerability that exposes it to reflected Cross-Site Scripting (XSS) attacks. This vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized access, data theft, or other security breaches. |

### **Description:**
The application fails to properly validate and sanitize the user input received through the URL parameter **`name`**. As a result, an attacker can inject malicious scripts into the page, leading to the execution of arbitrary JavaScript code in the context of the victim's browser.

### **Proof of Concept:**
To demonstrate the exploit, an attacker can craft a URL with a malicious payload as follows:

1. Access the vulnerable page with the crafted URL:
   `https://localhost/Visitor%20Management%20System%20in%20PHP/datetest.php?name="><script>alert('torada')</script>`
2. Upon loading the page, the injected script triggers an alert with the message 'torada', indicating successful exploitation.

Project link: https://projectworlds.in/visitor-management-system-in-php-and-mysql/

| Source | ⚠️ https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4 |
|---|---|
| User | torada (UID 61170) |
| Submitted | 2024. 01. 14. PM 08:12 (2 years ago) |
| Moderation | 2024. 01. 17. PM 03:02 (3 days later) |
| Status | Accepted |
| VulDB Entry | 251376 [Project Worlds Visitor Management System 1.0 URL dataset.php name cross site scripting] |
| Points | 17 |
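The submission describes the defect only at the level of "the `name` parameter is reflected without validation or sanitization". The following PHP is an added illustration, not code from the Project Worlds application (whose `dataset.php`/`datetest.php` source is not on this page): `render_greeting_vulnerable()` reproduces the reflection pattern the write-up describes, `render_greeting_safe()` shows the fix a reviewer would ask for (contextual HTML output encoding), and `is_plausible_name()` is a hypothetical allow-list check added on top. The functions names and the validation rule are assumptions made for the example.

```php
<?php
// Added illustration of the reflected-XSS pattern described in the
// submission and of the corresponding fix. Not code from the Project
// Worlds Visitor Management System.
declare(strict_types=1);

// Pattern the advisory describes: $_GET['name'] is written straight into
// the HTML. The sink here is a double-quoted attribute, so a `"` in $name
// closes the attribute and whatever follows is parsed as markup.
function render_greeting_vulnerable(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened form: encode for the HTML context at the point of output.
// ENT_QUOTES encodes both ' and " in addition to <, > and &, which is what
// an attribute value or a text node needs; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of making htmlspecialchars() return '' and
// silently dropping the value.
function render_greeting_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="name" value="' . $encoded . '">';
}

// Optional input validation in addition to (never instead of) output
// encoding. Hypothetical rule chosen for this example: letters, combining
// marks, whitespace, dot, apostrophe and hyphen, at most 200 bytes.
function is_plausible_name(string $name): bool
{
    return $name !== ''
        && strlen($name) <= 200
        && preg_match('/^[\p{L}\p{M}\s.\'-]+$/u', $name) === 1;
}

// Self-check, runnable from the command line: php xss_demo.php
if (PHP_SAPI === 'cli') {
    // The payload quoted in the submission's proof of concept.
    $payload = '"><script>alert(\'torada\')</script>';

    // In the vulnerable output the <input> element is closed early and a
    // live <script> element follows it.
    echo "vulnerable: ", render_greeting_vulnerable($payload), PHP_EOL;

    // In the encoded output the quote and angle brackets become character
    // references, so the whole payload stays inside the attribute as text.
    echo "encoded:    ", render_greeting_safe($payload), PHP_EOL;

    // Defensive check a unit test would carry: no raw tag survives encoding.
    if (strpos(render_greeting_safe($payload), '<script') !== false) {
        fwrite(STDERR, "encoding failed" . PHP_EOL);
        exit(1);
    }

    echo "payload passes validation:     ", is_plausible_name($payload) ? 'yes' : 'no', PHP_EOL;
    echo "\"Ana-Maria O'Neil\" passes validation: ",
        is_plausible_name("Ana-Maria O'Neil") ? 'yes' : 'no', PHP_EOL;
}
```

The important design point is that encoding is applied where the value meets HTML, with flags matching that context; the allow-list is a second layer that also rejects the submitted payload, but by itself it would not protect other fields or other sinks (JavaScript, URL or CSS contexts need their own encoders).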