| Title | code-projects Online Shop Store 1.0 Cross Site Scripting |
|---|
| Description | The Online Shop web application is affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the signup.php page. The vulnerability arises because the application does not properly sanitize or escape user input from the m2 parameter before rendering it in the HTML response. This allows an attacker to inject arbitrary JavaScript into the page, which is executed in the context of the victim's browser when the vulnerable page is loaded.
Vulnerable Page
- Page: signup.php
- Vulnerable Parameter: m2
- POC: `http://localhost/online-shop/signup.php?m2=<svg onload=alert(document.cookie)>`
- Attack Type: Reflected Cross-Site Scripting (XSS)
- Impact: Allows attackers to inject malicious JavaScript into the page that can execute on a victim's browser. This can lead to:
  - Session Hijacking: Stealing session cookies and impersonating the user.
  - Credential Theft: Attacker can capture user credentials if they are entered into malicious forms or alerts.
  - Phishing Attacks: Redirect victims to fake login pages or steal sensitive information.
  - Defacement: Alter the appearance or functionality of the page.
- Risk Level: High, as this vulnerability can affect all users who visit the vulnerable page and interact with the m2 parameter. |
|---|
| Source | https://github.com/sh3rl0ckpggp/0day/blob/main/code-projects_online-shop_CrossSiteScripting.md |
|---|
| User | sh3rl0ckpgp (UID 77534) |
|---|
| Submission | 11/12/2024 13:25 (2 years ago) |
|---|
| Moderation | 11/15/2024 08:25 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 284679 [code-projects Online Shop Store 1.0 /signup.php m2 cross site scripting] |
|---|
| Points | 20 |
|---|