| Field | Value |
|---|---|
| Title | SourceCodester Online Food Ordering System v2 2 Cross Site Scripting |
| Description | Vulnerability Description: Stored XSS Vulnerability in the Create New Account Form in the Online Food Ordering System v2 Allows a Remote Attacker to Inject or Store Arbitrary Code via the First Name and Last Name Fields.<br>Payload used: `"><script src=data:,alert("Stored XSS")//`<br>Attack Type: Remote<br>Impact: Code Execution<br>Affected Component(s): Online Food Ordering System v2 web interface<br>Attack Vector(s): An attacker could use the First Name and Last Name fields of the Create New Account form to inject or store arbitrary code.<br>Discoverer(s) Credits: Varshil<br>Steps:<br>1) Go to hxxp://TARGET[.]SITE, click on Login, then click on Create New Account<br>2) In the 'Create New Account' form, insert the above-mentioned payload or any other valid filter-bypass XSS payload in: 1) First Name, 2) Last Name<br>3) It will be stored in the database, and whenever any user opens any page or refreshes, the code will be executed. |
| User | knoxpro (UID 74435) |
| Submission | 2024-09-08 08:13 PM (2 years ago) |
| Moderation | 2024-09-09 11:22 AM (15 hours later) |
| Status | Accepted |
| VulDB Entry | 276831 [SourceCodester Online Food Ordering System 2.0 Create an Account Page index.php First Name/Last Name Cross Site Scripting] |
| Points | 17 |