Populate the NAME & PROTOCOL fields with the XSS payload & save.
Navigate to the Affected URL; the payload would be triggered.
Expected behavior
Proper escaping of special characters.
Debug Logs
None
Loginsoft-Research changed the title from "POST (self) - Reflected Cross Site Scripting (XSS) - controlcap.php" to "Stored Self-Cross Site Scripting (XSS) - controlcaps.php" on Jan 24, 2019
Describe Your Environment
Describe the bug
The view controlcaps displays the Protocol field record with no proper filtration, leading to Self - Stored XSS.
To Reproduce
Affected URL :
http://localhost/zm/index.php?view=controlcaps
Payload used -
"><img src=x onerror=prompt('1');>
Populate the NAME & PROTOCOL fields with the XSS payload & save.
Expected behavior
Debug Logs
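The escaping the report asks for under "Expected behavior", shown as an added PHP example that is not ZoneMinder's code and not part of the original issue. The function names, the table markup and the sample record are assumptions constructed for illustration; only the payload string comes from the report.

```php
<?php
// Added example: hypothetical helpers, not ZoneMinder's actual code.

// Encode a stored value for HTML element or quoted-attribute context.
function h(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": stored fields are concatenated into the markup as-is.
function renderRowUnsafe(array $control): string
{
    return '<tr><td><a title="' . $control['Name'] . '">' . $control['Name'] . '</a></td>'
         . '<td>' . $control['Protocol'] . '</td></tr>';
}

// "After": every stored field is encoded at the point of output.
function renderRowSafe(array $control): string
{
    return '<tr><td><a title="' . h($control['Name']) . '">' . h($control['Name']) . '</a></td>'
         . '<td>' . h($control['Protocol']) . '</td></tr>';
}

// Constructed record holding the payload from the report in both fields.
$payload = '"><img src=x onerror=prompt(\'1\');>';
$control = ['Name' => $payload, 'Protocol' => $payload];

$unsafe = renderRowUnsafe($control);
$safe   = renderRowSafe($control);

// The raw render carries a live <img> element; the encoded render must not.
if (strpos($unsafe, '<img') === false || strpos($safe, '<img') !== false) {
    throw new RuntimeException('escaping check failed');
}

// Encoding is applied on output only: the stored value is recoverable unchanged.
if (htmlspecialchars_decode(h($payload), ENT_QUOTES) !== $payload) {
    throw new RuntimeException('round trip changed the stored value');
}

echo $safe, PHP_EOL;
```

The leading `">` in the payload closes a quoted attribute and its tag, which is why the quote characters have to be encoded along with `<` and `>`.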