| 标题 | PHPGurukul Land Record System 00.0.0.1 Cross Site Scripting |
|---|
| 描述 | In the directory '/landrecordsys/admin/admin-profile.php' in admin account, there is an unrestricted cross-site scripting (XSS) vulnerability and injection attacks in the "Land Record System" system on the 'Admin Name' parameter. This function will execute the user parameter without restriction. Malicious attackers can exploit this vulnerability to obtain sensitive information from clients.
script: "><img src=x onerror=alert(document.cookie)>"</b>
|
|---|
| 来源 | ⚠️ https://phpgurukul.com/land-record-system-using-php-and-mysql/ |
|---|
| 用户 | Fergod (UID 55882) |
|---|
| 提交 | 2024-12-30 17時29分 (2 年前) |
|---|
| 管理 | 2024-12-31 09時58分 (16 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 289836 [PHPGurukul Land Record System 1.0 /admin/admin-profile.php Admin Name 跨网站脚本] |
|---|
| 积分 | 20 |
|---|