Submission #277871: Codeastro Restaurant POS System 1.0 Stored Cross-Site Script

Info

Title: Codeastro Restaurant POS System 1.0 Stored Cross-Site Script

Description: The Restaurant POS System is vulnerable to a cross-site scripting attack in “dashboard.php” when an attacker enters a script payload in the “Full Name” field of “create_account.php”. When the user logs in to the dashboard, the XSS is triggered. It is also triggered in other endpoints, along with “admin/customes.php” on admin login.

Vulnerability Details
- Vulnerability Type: Stored XSS
- Affected URL: http://localhost/RestaurantPOS/Restro/customer/dashboard.php
- Affected URL: http://localhost/RestaurantPOS/Restro/admin/customes.php
- Exploited Parameter: “Full Name” field at “create_account.php”
- Payloads Used: <img src=x onerror=alert(document.cookie)>

Recommendations:
1. Input Validation: Implement strict input validation to prevent XSS injection.
2. Update System: Keep the Restaurant POS System, PHP, and server components up to date with the latest security patches.
3. Security Audits: Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. Education: Educate the application developers on secure coding practices, emphasizing input validation and secure database handling.
Source: https://drive.google.com/drive/folders/18N_20KuGPjrBbvOMSfbvBIc1sMKyycH3?usp=sharing
User: VishnuDev1 (UID 63087)
Submitted: 2024-02-05 02:30 PM (2 years ago)
Moderation: 2024-02-06 09:43 AM (19 hours later)
Status: Accepted
VulDB Entry: 253010 [CodeAstro Restaurant POS System 1.0 create_account.php Full Name cross-site scripting]
Points: 20
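
The first recommendation above, as an added PHP example that is not code from the application or from the submitter: the helper names `validate_full_name` and `h`, the 100-character limit and the allowed character set are assumptions. It pairs allow-list validation at account creation with HTML encoding at render time, since values stored before validation existed still reach dashboard.php and the admin customer page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the application's real code is not shown in the report.

/** Allow-list check for a "Full Name" value at account creation (assumed rules). */
function validate_full_name(string $raw): ?string
{
    $name = trim($raw);
    // First character: a letter or combining mark from any script.
    // Then up to 99 more letters, marks, spaces, periods, apostrophes or hyphens.
    $pattern = "/^[\\p{L}\\p{M}][\\p{L}\\p{M} .'\\-]{0,99}\\z/u";
    if (preg_match($pattern, $name) !== 1) {
        return null; // also covers empty input and invalid UTF-8
    }
    return $name;
}

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: one ordinary name and the payload quoted in the report.
$samples = [
    "Anne-Marie O'Neil",
    '<img src=x onerror=alert(document.cookie)>',
];

// Run from the command line; the "input" line is plain terminal text here.
foreach ($samples as $input) {
    $accepted = validate_full_name($input);
    echo 'input:    ', $input, PHP_EOL;
    echo 'accepted: ', $accepted === null ? 'no, rejected at account creation' : 'yes', PHP_EOL;
    // Rows saved before validation existed are still rendered later,
    // so every output point encodes regardless of the validation result.
    echo 'rendered: <td>', h($input), '</td>', PHP_EOL, PHP_EOL;
}
```

The rendered line for the payload contains `&lt;img src=x onerror=alert(document.cookie)&gt;`, which a browser displays as text instead of parsing as an element.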