Submission #284939: PHPGurukul Tourism Management System 1.0 Stored Cross-Site Script

Title: PHPGurukul Tourism Management System 1.0 Stored Cross-Site Script

Description:

## Vulnerability Details

- Vulnerability Type: Stored Cross-Site Scripting
- Affected URL: http://localhost/Tourism-Management-System-PHP/tms/admin/user-bookings.php
- Exploited Parameter: http://localhost/Tourism-Management-System-PHP/tms/

**Vulnerability Description:**

Stored XSS, also known as persistent XSS, occurs when an application stores malicious data from a user in a database, and this data is later displayed on a web page without proper validation or sanitization. In a blind type of stored XSS, the injected script is stored, and the payload is not immediately executed upon injection. Instead, the malicious script remains dormant in the database until it is displayed to another user, typically an administrator or other privileged user.

In this scenario, Tourism Management System is vulnerable to a cross-site scripting attack in "user-bookings.php" when an attacker enters a script payload in the "Full Name" field of the Sign Up form. When the admin logs in, visits the 'Manage User' tab and clicks on the "User Bookings" button to see the details, the XSS is triggered.
Source: https://drive.google.com/file/d/1ulzFlRqsex39dDUOFU2LbmphrQblSAwn/view?usp=drive_link
User: VishnuDev1 (UID 63087)
Submitted: 2024-02-20 03:29 PM (2 years ago)
Moderation: 2024-02-23 09:18 AM (3 days later)
Status: Accepted
VulDB entry: 254610 [PHPGurukul Tourism Management System 1.0 user-bookings.php Full Name cross site scripting]
Points: 20
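
The two controls the description names (validation when the "Full Name" is stored, encoding when the admin page displays it), as an added example that is not code from the submission or from the PHPGurukul project. The function names, column names and the name allowlist are assumptions, and the rows are constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical sign-up check: accept only letters, combining marks, spaces and
// a few name punctuation characters, up to 100 characters (assumed policy).
function isValidFullName(string $name): bool
{
    return preg_match("/^[\\p{L}\\p{M}][\\p{L}\\p{M} .'-]{0,99}$/u", $name) === 1;
}

// Hypothetical output helper: encode a stored value for HTML text and
// attribute contexts so markup characters are displayed, not interpreted.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical renderer for the admin bookings table. Every database value is
// treated as untrusted at display time, whatever validation ran at sign-up.
function renderBookingRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf(
            "<tr><td>%d</td><td>%s</td><td>%s</td></tr>\n",
            (int) $row['booking_id'],
            h($row['full_name']),
            h($row['email'])
        );
    }
    return $html;
}

// Constructed rows standing in for records already stored by the sign-up form.
$rows = [
    ['booking_id' => 1, 'full_name' => "Asha O'Neil", 'email' => 'asha@example.test'],
    ['booking_id' => 2, 'full_name' => '<script>alert(1)</script>', 'email' => 'x@example.test'],
];

// Sign-up side: the second name fails the allowlist and would be rejected.
foreach ($rows as $row) {
    printf("%-30s valid=%s\n", $row['full_name'], isValidFullName($row['full_name']) ? 'yes' : 'no');
}

// Display side: legacy rows that predate validation still render as inert text.
echo renderBookingRows($rows);
```

Output encoding is the control that closes the issue for data already in the database; the sign-up allowlist only limits what can be stored from then on.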
