Submit #270344: Codeastro Internet Banking System in PHP 1 Cross-Site Scripting

Title: Codeastro Internet Banking System in PHP 1 Cross-Site Scripting

Description:

Project Name: Internet Banking System in PHP
Vendor: codeastro.com
Project Link: [Internet Banking System](https://codeastro.com/internet-banking-system-in-php-with-source-code/)
Vulnerability Type: Cross-site Scripting
Affected Parameter: http://localhost/InternetBanking-PHP/client/pages_dashboard.php
Severity: Medium

Description: The Internet Banking System is vulnerable to a cross site scripting attack in pages_dashboard.php when an attacker enters a script payload in the “Client Full Name” field at pages_client_signup.php page. The alert will trigger when the user gets logged in.

Exploited Parameter:
- Client Full Name Field at pages_client_signup.php

Payloads Used: <script>alert(“Vulnerable”)</script>

Recommendations:
1. *Input Validation:* Implement strict input validation to prevent XSS injection.
2. *Update System:* Keep the Real Estate Management System, PHP, and server components up-to-date with the latest security patches.
3. *Security Audits:* Regularly audit system security and consider professional assessments to identify and fix vulnerabilities.
4. *Education:* Train developers on secure coding practices, emphasizing input validation and secure database handling.

Timeline:
- Discovery Date: [19/01/2024]
Source: ⚠️ https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing
User: Mohammed Aashique (UID 62025)
Submission: 01/19/2024 18:18 (2 years ago)
Moderation: 01/21/2024 17:18 (2 days later)
Status: Accepted
VulDB entry: 251677 [CodeAstro Internet Banking System 1.0 pages_client_signup.php Client Full Name cross site scripting]
Points: 20
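The report describes a stored XSS: the name is accepted at pages_client_signup.php and later written into pages_dashboard.php. The following is an added example, not code from the CodeAstro project or from the submitter. It pairs the recommended input validation with output encoding at render time, which is what neutralises values already stored. The function names `validate_full_name` and `h`, the 100-character limit and the `client-name` markup are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the project's own code.

/**
 * Signup-side check for the "Client Full Name" field.
 * Allow-list: starts with a letter, then letters, combining marks,
 * space, period, apostrophe or hyphen; 100 code points at most (assumed limit).
 * Returns the trimmed name, or null when the value must be rejected.
 */
function validate_full_name(string $raw): ?string
{
    $name = trim($raw);
    if (preg_match('/^\p{L}[\p{L}\p{M} .\'\-]{0,99}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Dashboard-side encoding for HTML text and quoted-attribute contexts.
 * Applied to every stored value on output, including rows saved
 * before validation existed.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: one ordinary name and the payload quoted in the report.
$samples = [
    "Jane O'Neil-Smith",
    '<script>alert(“Vulnerable”)</script>',
];

foreach ($samples as $submitted) {
    $accepted = validate_full_name($submitted);
    printf("signup  : %s\n", $accepted === null ? 'rejected' : 'accepted');

    // Rendering as the dashboard would, but through h(): markup characters
    // in the stored name are emitted as entities and stay inert text.
    printf("rendered: <span class=\"client-name\">%s</span>\n\n", h($submitted));
}
```

Validation alone leaves previously stored names untouched, so the encoding call belongs at every place the name is echoed into HTML.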
