| 제목 | https://github.com/iJason-Liu/Books_Manager Books_Manager 1.0 Stored XSS |
|---|
| 설명 | ulnerability Introduction
controllers/books_center/add_book_check.php interface has an XSS storage vulnerability, where attackers can pass in the product name (i.e. mark parameter) to cause the server to execute JS code, resulting in an XSS storage vulnerability
Vulnerability analysis
Vulnerability class file: Books_Manager/books_center/add_book_check.php
Receiving the mark parameter in the add_book_check.php and directly updating it to the database without verifying the incoming content, there is an XSS storage vulnerability
Vulnerability reproduction
After entering the following code in the product name and clicking the submit button, it was found that the JS code was successfully executed.
|
|---|
| 원천 | ⚠️ https://blog.y1fan.work/2026/01/13/%E5%AD%98%E5%82%A8%E5%9E%8Bxss/ |
|---|
| 사용자 | y1fan (UID 94467) |
|---|
| 제출 | 2026. 01. 13. AM 09:00 (5 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 26. PM 03:53 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 342873 [iJason-Liu Books_Manager 까지 298ba736387ca37810466349af13a0fdf828e99c add_book_check.php mark 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|