제출 #43182: Student-Admission CMS exist Cross-site scripting Vulnerability정보

제목Student-Admission CMS exist Cross-site scripting Vulnerability
설명Student-Admission CMS exist Cross-site scripting Vulnerability .The input variables are not protected and output is directly output. Attackers can construct malicious code to steal user and administrator cookies. Vulnerability file location:/admin/edit.php look at this source code ``` <?php print $_GET['eid'].', Name: '.$row["sname"]; ?>'s information</h3> ``` There is no protection for the eid here. The `eid` variable is directly output here. Here we can insert XSS statements to steal user cookies and other information. The construction statement is as follows ``` a=edit&eid=<script>alert(document.cookie)</script> ``` https://img-blog.csdnimg.cn/97f916b49a8a40fc89dd830e8ddfe19e.png Source link https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
원천⚠️ https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
사용자
 qidian (UID 30810)
제출2022. 08. 10. AM 12:24 (4 연령 ago)
모더레이션2022. 08. 10. AM 07:31 (7 hours later)
상태수락
VulDB 항목206016 [SourceCodester Simple Online Book Store System /admin/edit.php eid 크로스 사이트 스크립팅]
포인트들20

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!