Submission #423229: SourceCodester Online Eyewear Shop 1.0 Cross Site Scripting Info

Title: SourceCodester Online Eyewear Shop 1.0 Cross Site Scripting

Description:

**Summary for VulDB Submission:**

**Title:** Stored XSS Vulnerability in Online Eyewear Shop Website 1.0

**Description:** A **stored Cross-Site Scripting (XSS)** vulnerability has been identified in version 1.0 of the **Online Eyewear Shop Website**. The flaw resides in the **contact form update section** at the URL `/admin/?page=system_info/contact_info`. Attackers can inject malicious scripts into form fields, which are stored and executed every time the page is accessed. This vulnerability can lead to session hijacking, malicious script execution, and compromise of user and administrator accounts. The issue remains **unpatched** and poses a high security risk.

**Severity:**
- High

**Affected Version:**
- 1.0

**Proof of Concept (PoC):**
```html
<script>alert('XSS');</script>
```

**Vulnerable URLs:**
- `/admin/?page=system_info/contact_info`

**References:**
- [Vulnerability Source](https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html)
- [PoC Image 1](https://i.ibb.co/ZMnZ45c/2024-10-13-17-22-contact.png)
- [PoC Image 2](https://i.ibb.co/0YZLPN0/2024-10-13-17-23-contact.png)
- [PoC Image 3](https://i.ibb.co/YX12CKH/2024-10-13-17-24-contact.png)
Source: ⚠️ https://gist.github.com/higordiego/bedd395e74a335f0145872c96d7cb92d
User: c4ttr4ck (UID 75518)
Submitted: 2024-10-13 10:34 PM (2 years ago)
Moderation: 2024-10-14 09:48 PM (23 hours later)
Status: Accepted
VulDB Entry: 280319 [SourceCodester Online Eyewear Shop 1.0 Contact Information Page contact_info Address Cross Site Scripting]
Points: 20
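As an added illustration (not code from the Online Eyewear Shop project or from the submitter), the following PHP sketch contrasts the stored-XSS pattern the submission describes on the `contact_info` admin page with its hardened form: the vulnerable renderer echoes the stored value straight into the form, while the hardened renderer encodes on output so the stored payload is displayed as text instead of executed. The field names `address`, `email` and `mobile` and the row layout are assumptions.

```php
<?php
// Added example; not the project's own code. Field names are assumptions,
// the admin page path comes from the advisory.

// Constructed row, as it might be read back from the contact_info table
// after the advisory's PoC payload was saved through the update form.
$row = [
    'address' => "<script>alert('XSS');</script>",
    'email'   => 'info@example.com',
    'mobile'  => '0000-000-000',
];

// Vulnerable pattern: the stored value is concatenated into the markup
// unchanged, so the browser runs the stored script on every page load.
function render_vulnerable(array $row): string
{
    return '<textarea name="address">' . $row['address'] . '</textarea>';
}

// Output-encoding helper. ENT_QUOTES also neutralises single quotes, so
// the same helper is safe inside double- and single-quoted attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field passes through e() at the point
// where it is written into HTML, regardless of what was accepted on save.
function render_hardened(array $row): string
{
    return '<textarea name="address">' . e($row['address']) . '</textarea>'
         . '<input type="email" name="email" value="' . e($row['email']) . '">'
         . '<input type="text" name="mobile" value="' . e($row['mobile']) . '">';
}

echo render_vulnerable($row), PHP_EOL;  // script tag survives intact
echo render_hardened($row), PHP_EOL;    // angle brackets and quotes are entity-encoded
```

Output encoding at render time is the fix that closes this class of bug; input filtering on the update handler and a Content-Security-Policy header are complementary layers, not substitutes.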
