| Field | Value |
|---|---|
| Title | SourceCodester PHP CRUD using PDO Connection with Free Source Code 1.0 Cross Site Scripting |
| Description | I would like to report a XSS injection vulnerability I discovered in the sourcecodester of the PHP CRUD using PDO Connection with Free Source Code during my testing.<br>Details:<br>Affected URL/Endpoint: /basic-crud/endpoint/add.php, /basic-crud/endpoint/update.php<br>Vulnerable Parameter: first_name, middle_name, last_name<br>Risk Level: High (allows malicious users to execute arbitrary SQL queries)<br>Steps to reproduce:<br>1) Click on Add or update button.<br>2) Use a proxy like burpsuite to intercept the "add" or "update" request.<br>3) Input the payload to invoke the XSS injection.<br>---<br>table=tbl_customer&tbl_person_id=&first_name=%3Ch2%3Etest%3C%2Fh2%3E&middle_name=%3Ch2%3Etest%3C%2Fh2%3E&last_name=%3Ch2%3Etest%3C%2Fh2%3E<br>---<br>Please let me know if you need further information or a more detailed analysis. |
| Submitter | Delvy (UID 74555) |
| Submitted | 2024-09-06 12:58 PM (2 years ago) |
| Moderated | 2024-09-06 11:36 PM (11 hours later) |
| Status | Accepted |
| VulDB entry | 276783 [SourceCodester PHP CRUD 1.0 /endpoint/update.php first_name/middle_name/last_name Cross Site Scripting] |
| Points | 17 |
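As an added illustration (not code from the SourceCodester project or from the submitter), the PHP below shows why the submitted request body matters: a CRUD view that interpolates the stored `first_name`, `middle_name` and `last_name` values straight into HTML hands the browser whatever markup the client sent, while escaping each value at the point of output renders it as literal text. The request body is the one quoted in the report; the function names, the table-cell layout and the input-side markup check are assumptions made for this example.

```php
<?php
// Added example, not the project's own code. Demonstrates the unsafe output
// pattern behind the reported XSS beside a hardened version.
declare(strict_types=1);

// Constructed request body, taken from the report and decoded the same way
// PHP populates $_POST for a form submission.
$body = 'table=tbl_customer&tbl_person_id=&first_name=%3Ch2%3Etest%3C%2Fh2%3E'
      . '&middle_name=%3Ch2%3Etest%3C%2Fh2%3E&last_name=%3Ch2%3Etest%3C%2Fh2%3E';
parse_str($body, $post);

// Unsafe pattern (assumed, for illustration): the untrusted value is placed
// into the page as-is, so the <h2> tags, or any script the client chooses
// to store instead, are interpreted by every browser that views the row.
function renderRowUnsafe(array $row): string
{
    return "<td>{$row['first_name']}</td>"
         . "<td>{$row['middle_name']}</td>"
         . "<td>{$row['last_name']}</td>";
}

// Output-escaping helper (name is an assumption). ENT_QUOTES also escapes
// single quotes so the result is safe inside attribute values; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string, which would
// otherwise silently blank a field; the explicit charset avoids mismatches
// between what the database stored and what PHP assumes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every untrusted value passes through e() on the way out.
// This is the control that prevents stored XSS regardless of how the value
// reached the database.
function renderRowSafe(array $row): string
{
    return '<td>' . e($row['first_name']) . '</td>'
         . '<td>' . e($row['middle_name']) . '</td>'
         . '<td>' . e($row['last_name']) . '</td>';
}

// Optional second layer for add.php/update.php: a person's name has no
// legitimate reason to contain angle brackets, so a submission like the one
// above can be rejected (and logged) before it is stored. Input filtering
// alone is not sufficient, because values also arrive via other paths.
function looksLikeMarkup(string $value): bool
{
    return (bool) preg_match('/[<>]/', $value);
}

echo "Unsafe: ", renderRowUnsafe($post), PHP_EOL;
echo "Safe:   ", renderRowSafe($post), PHP_EOL;

foreach (['first_name', 'middle_name', 'last_name'] as $field) {
    if (looksLikeMarkup($post[$field])) {
        echo "Rejected: {$field} contains markup characters", PHP_EOL;
    }
}
```

Run it with `php example.php`. The first line shows the `<h2>` tags passed through intact, the second shows them converted to `&lt;h2&gt;` entities, and the loop flags all three fields. The detection side follows from the same observation: a WAF rule or application log check that alerts on angle brackets or URL-encoded `%3C`/`%3E` in these three parameters of `add.php` and `update.php` would have caught the quoted request.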