| 제목 | sourcecodester Petrol pump management software 1.0 Stored XSS |
|---|
| 설명 | The Petrol Pump Management Software on SOURCECODESTER contains a Stored Cross-Site Scripting (XSS) vulnerability within its /admin/app/profile_crud.php component. This vulnerability arises from the application's failure to sanitize user inputs for fields such as username, email, and mobileno before updating them in the database. Attackers can exploit this flaw by crafting malicious inputs that include JavaScript code, which will be executed in the context of a user's session when viewed. The demonstrated proof of concept shows how a simple POST request can inject JavaScript into the username field, triggering an alert box when the malicious content is interacted with or displayed. This issue highlights the critical need for validating and encoding user inputs to prevent XSS attacks, which can lead to unauthorized actions being performed on behalf of the user, access to sensitive information, and other security |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/profile_crud.php%20Unauthenticated%20STORED%20XSS.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 02. 29. AM 10:40 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 01. AM 07:54 (21 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 255378 [SourceCodester Petrol Pump Management Software 1.0 profile_crud.php 사용자 이름 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|