| Название | SOURCECODESTER FAQ Management System Using PHP and MySQL 1.0 Cross Site Scripting |
|---|
| Описание | There is not input sanitization present when writing FAQs, making the web application vulnerable to XSS.
Allows XSS by placing untrusted code on the parameters question and answer.
Payload used is %3Cscript%3Ealert%28%27reigz+was+here%27%29%3C%2Fscript%3E for both parameters.
Affected endpoint in question is /faq-management-system/endpoint/add-faq.php
POC and further details available on github. |
|---|
| Источник | ⚠️ https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20add-faq.php.md |
|---|
| Пользователь | reiginald (UID 64219) |
|---|
| Представление | 29.02.2024 01:48 (2 лет назад) |
|---|
| Модерация | 01.03.2024 08:26 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 255385 [SourceCodester FAQ Management System 1.0 /endpoint/add-faq.php question/answer межсайтовый скриптинг] |
|---|
| Баллы | 19 |
|---|