
WHBS-XSS

The Wedding Hall Booking System published on SourceCodester has multiple cross-site scripting (XSS) vulnerabilities. The system applies no filtering to input and no encoding to output, so attackers can construct malicious code to steal user and administrator cookies.

Contact Us

/whbs/?page=contact_us

Booking Form

Fires when the user views the booking

/whbs/?page=my_bookings

Fires when the admin views the booking

/whbs/admin/?page=bookings

Profile page

Modify the profile

/whbs/?page=manage_account

Fires when the user views the profile

/whbs/?page=profile

Fires when the admin views the Client Lists

/whbs/admin/?page=clients

Staff user profile

/whbs/admin/?page=user

Fires when an administrator visits the User List page.

/whbs/admin/?page=user/list

Each of the vulnerabilities above can be used to return cookies.
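
A defensive sketch of the two fixes this report implies: encoding stored values at the point where they are rendered, and marking the session cookie HttpOnly so page script cannot read it. This is an added example, not code from WHBS or the original report; the function names, the field names (`client_name`, `hall`, `remarks`) and the sample row are assumptions.

```php
<?php
// Added example: names and sample data are constructed, not taken from WHBS.

// Encode a stored value for an HTML text or quoted-attribute context.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Start the session with a cookie that script running in the page cannot read.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // hides the cookie from document.cookie
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Render one row of a booking list, the kind of view shown to client and admin.
// Every stored field is encoded on output, in text and in attribute position.
function render_booking_row(array $row): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td title="%s">%s</td></tr>',
        e($row['client_name']),
        e($row['hall']),
        e($row['remarks']),
        e($row['remarks'])
    );
}

// Constructed sample row: stored values that contain markup and quotes.
$row = [
    'client_name' => 'Ann <b>Lee</b>',
    'hall'        => 'Hall "A"',
    'remarks'     => '<script>alert(1)</script>',
];

if (PHP_SAPI === 'cli') {
    // The markup is printed as inert text (&lt;script&gt;...), not as elements.
    echo render_booking_row($row), PHP_EOL;
}
```

Encoding has to be applied in every view that prints the stored value, including the admin pages listed above, because the same record is rendered in more than one place.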

Link

https://www.sourcecodester.com/php/15154/wedding-hall-booking-system-phpoop-free-source-code.html