| Field | Value |
|---|---|
| Title | Movie Ticket Booking System-PHP has an XSS vulnerability |
| Description | Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4<br>1. Movie Ticket Booking System-PHP XSS vulnerability<br>In TxnStatus.php, code line 17: ORDER_ID is input by the user and assigned through the POST request to the variable $ORDER_ID. $ORDER_ID is then output directly in line 44 of the code (`value="">`). There is no filtering. That is to say, we can construct a closed JavaScript statement to make the page pop up a dialog. The front end has a character limit, but it is very simple to bypass. |
| Source | https://github.com/aman05382/movie_ticket_booking_system_php/issues/5 |
| User | ace. (UID 34853) |
| Submission | 12/01/2022 03:14 AM (3 years ago) |
| Moderation | 12/01/2022 08:19 AM (5 hours later) |
| Status | Accepted |
| VulDB Entry | 214626 [Movie Ticket Booking System POST Request ORDER_ID cross site scripting] |
| Points | 20 |
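
The pattern the description reports (a POST parameter written into a `value=""` attribute without filtering) next to a hardened form, as an added example that is not code from the project or from the submission. The function names, the `maxlength` value, the allowed ID format and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Pattern described in the report: the POST value is concatenated into
// value="" unescaped, so a double quote in the input ends the attribute early.
function render_order_field_unsafe(string $orderId): string
{
    // maxlength is only a browser-side hint; a direct POST request ignores it.
    return '<input name="ORDER_ID" maxlength="20" value="' . $orderId . '">';
}

// Encode for an HTML attribute context (ENT_QUOTES covers both " and ').
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: enforce format and length on the server, then encode on output.
function render_order_field_safe(string $orderId): string
{
    // Assumed format: 1-20 letters, digits, '_' or '-'. Adjust to the real IDs.
    if (preg_match('/\A[A-Za-z0-9_-]{1,20}\z/', $orderId) !== 1) {
        $orderId = '';
    }
    return '<input name="ORDER_ID" maxlength="20" value="' . attr($orderId) . '">';
}

// Constructed sample input: harmless markup that breaks out of the attribute.
$constructed = 'ORD1"><b>injected</b>';
$posted = $_POST['ORDER_ID'] ?? $constructed;   // falls back to the sample on the CLI
$orderId = is_string($posted) ? $posted : '';   // an array-valued parameter is rejected

echo render_order_field_unsafe($orderId), "\n"; // attribute is closed by the input
echo attr($orderId), "\n";                      // ORD1&quot;&gt;&lt;b&gt;injected&lt;/b&gt;
echo render_order_field_safe($orderId), "\n";   // value="" (fails the format check)
echo render_order_field_safe('ORD-12345'), "\n"; // value="ORD-12345"
```

The server-side format check is what replaces the front-end character limit mentioned in the description; the encoding step still applies to any field that cannot be restricted to a fixed format.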