| Название | code-projects.org Social Networking Site 1.0 Stored XSS (CROSS SITE SCRIPTING) |
|---|
| Описание | Stored Cross-Site Scripting is a security vulnerability that arises when an attacker injects malicious
scripts into a web application, with the injected payload being stored on the server. Unlike typical
XSS attacks, where attackers directly witness the impact of their scripts, Stored XSS involves triggering
the stored payload directly, and impacting the other users.In this application the stored xss was found in http://localhost/socialsite/message.php in message option where we can message each user and it was displayed in Home page http://localhost/socialsite/home.php.When we tried xss payload it got stored and when ever a new user registers and logins stored xss will get triggered and gets executed in which attackers can use this way to steal the users cookies and session ids.The impact of stored xss can lead to the unauthorized access of sensitive data, distribution of malicious content, and compromise of user trust, potentially causing widespread damage to individuals and organizations. |
|---|
| Источник | ⚠️ https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link |
|---|
| Пользователь | harivignesh (UID 61478) |
|---|
| Представление | 15.01.2024 13:26 (2 лет назад) |
|---|
| Модерация | 19.01.2024 10:45 (4 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 251546 [code-projects Social Networking Site 1.0 Message Page message.php Story межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|