| Title | SourceCodester Canteen Management System customer.php builtin_echo cross site scripting |
|---|
| Description | SourceCodester Canteen Management System customer.php builtin_echo cross site scripting
inurl:customer.php
payload:<script>alert(document.cookie)</script>
Abstract:
Line 55 of customer.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.
Explanation:
Cross-site scripting (XSS) vulnerabilities occur when:
1. Data enters a web application through an untrusted source. In the case of persistent (also known as stored) XSS, the untrusted source is typically a database or other back-end data store, while in the case of reflected XSS it is typically a web request.
In this case, the data enters at query() in customer.php at line 7.
2. The data is included in dynamic content that is sent to a web user without being validated.
In this case, the data is sent at builtin_echo() in customer.php at line 55.
Download Code:
https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html |
|---|
| Source | ⚠️ https://blog.csdn.net/weixin_43864034/article/details/128127516 |
|---|
| User | mkwsj007 (UID 36773) |
|---|
| Submission | 12/01/2022 03:33 AM (3 years ago) |
|---|
| Moderation | 12/01/2022 08:28 AM (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 214630 [SourceCodester Canteen Management System customer.php builtin_echo cross site scripting] |
|---|
| Points | 20 |
|---|