Skip to content

RashidKhanPathan/CVE-2022-43117

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 

Repository files navigation

[Suggested description] Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.


[Additional Information] Proof Of Concept: https://drive.google.com/file/d/1ZmAuKMVzUpL8pt5KXQJk8IyPECoVP9xw/view?usp=sharing Vendor Homepage: https://www.sourcecodester.com/php/15726/password-storage-application-phpoop-and-mysql-free-source-code.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/psa_php.zip


[Vulnerability Type] Cross Site Scripting (XSS)


[Vendor of Product] Sourcecodester


[Affected Product Code Base] Password Storage Application in PHP/OOP and MySQL - 1.0


[Affected Component] Source Code


[Attack Type] Remote


[Impact Code execution] true


[Attack Vectors] to Exploit this vulnerability attacker need to first create his account on http://localhost/psa_php/owner_registration.php, then login with created password after login, attacker need to inject arbitrary JavaScript code inside Name, Username, Description and Site field, and then click on save, once attacker clicks on save button the arbitrary JavaScript Payload will Execute


[Reference] https://www.sourcecodester.com/php/15726/password-storage-application-phpoop-and-mysql-free-source-code.html https://drive.google.com/file/d/1ZmAuKMVzUpL8pt5KXQJk8IyPECoVP9xw/view?usp=sharing


[Discoverer] RashidKhan Pathan

Use CVE-2022-43117

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published