WHBS-XSS

The Wedding Hall Booking System published on SourceCodester has multiple cross-site scripting (XSS) vulnerabilities. The system performs no filtering of input and no encoding of output, so attackers can construct malicious code to steal user and administrator cookies.

Contact Us

/whbs/?page=contact_us


Booking Form


Fires when the user views the booking

/whbs/?page=my_bookings


Fires when the admin views the booking

/whbs/admin/?page=bookings


Profile page

Modify the profile

/whbs/?page=manage_account


Fires when the user views the profile

/whbs/?page=profile


Fires when the admin views the Client Lists

/whbs/admin/?page=clients


Staff user profile

/whbs/admin/?page=user


Fires when the admin views the User List page

/whbs/admin/?page=user/list


All of the above vulnerabilities can be used to return cookies.
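
One way to close these issues, as an added example that is not code from the Wedding Hall Booking System: encode stored values when they are written into a page, and mark the session cookie HttpOnly so page scripts cannot read it. The field names, the sample record and the helpers `h`, `js` and `render_client_row` are assumptions made for illustration.

```php
<?php
// Added example, not code from the Wedding Hall Booking System.
// Field names and the sample record below are constructed for illustration.

// Keep the session cookie out of reach of page scripts, so an injected
// script cannot read it via document.cookie. Must run before session_start().
// Array form needs PHP 7.3+; 'secure' assumes the site is served over HTTPS.
session_set_cookie_params([
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

// Encode for HTML element text and quoted attribute values.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode for embedding inside an inline <script> block: the HEX flags keep
// "<", ">", "&" and quotes from ending the script element or a string early.
function js($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Render one row of a listing page. The unsafe pattern is echoing the
// stored value as-is, e.g. "<td>" . $row['fullname'] . "</td>".
function render_client_row(array $row): string
{
    return sprintf(
        '<tr title="%s"><td>%s</td><td>%s</td></tr>',
        h($row['remarks']),
        h($row['fullname']),
        h($row['email'])
    );
}

// Constructed record: user-supplied markup stored unmodified in the database.
$row = [
    'fullname' => '<b>Jane</b> "JD" O\'Neil',
    'email'    => 'jane@example.com',
    'remarks'  => '" data-x="1',
];

echo render_client_row($row), PHP_EOL;
echo '<script>var client = ', js($row), ';</script>', PHP_EOL;
```

Because the payloads are stored and fire on both client and admin pages, the encoding has to be applied in every view that prints these fields, not only in the form that accepts them.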

Link

https://www.sourcecodester.com/php/15154/wedding-hall-booking-system-phpoop-free-source-code.html