Gửi #59419: Blood Bank Management System - Persistant XSSthông tin

tiêu đề	Blood Bank Management System - Persistant XSS
Mô tả	# Exploit Title: Blood Bank Management System - Persistant XSS # Exploit Author: Madhur Jain # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html # Software Link: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html # Version: v1.0 # Tested on: Parrot GNU/Linux 4.10, Apache Description:- A Persistant XSS issue in Blood Bank Management System v.1.0 allows to inject Arbitrary JavaScript in User registration form. ` Payload used:- <script>confirm (document.cookie)</script> ` Parameter:- Full Name: <script>confirm (document.cookie)</script> ` Steps to reproduce:- 1. Go to http://localhost/bloodbank/index.php?page=users 2. Now click on "New user" and in that "Name" Parameter put the payload 3. Now fill the other details and save it. 4. XSS has been triggered and everytime we load the page it will be triggered 5. We can use Admin cookie to escalate our privilege.
Người dùng	Madhur Jain (UID 37979)
Đệ trình	22/12/2022 17:36 (cách đây 4 những năm)
Kiểm duyệt	25/12/2022 20:28 (3 days later)
Trạng thái	được chấp nhận
Mục VulDB	216774 [SourceCodester Blood Bank Management System 1.0 User Registration index.php?page=users Tên Tập lệnh chéo trang]
điểm	17

Do you want to use VulDB in your project?

Use the official API to access entries easily!