Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4
1. Movie Ticket Booking System-PHP XSS vulnerability
There is an XSS vulnerability in Booking In PHP. At line 111, we can see that the value is set to the value of the variable $id, and $id is controlled by user input and output directly. We can therefore construct an XSS statement that closes the surrounding markup. The payload is "><script>alert (" ace ")</script>, which produces a pop-up window.
POC:
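The pattern described in the report, next to two ways to close it, as an added example that is not the Movie Ticket Booking System's own code. It assumes that $id is echoed into a double-quoted value attribute and that ids are positive integers; the field name `id` and the function names are hypothetical.

```php
<?php
// Added illustration; not the project's code.
// Assumptions: $id is echoed into a quoted value="" attribute of a form
// field, and legitimate ids are positive integers.

// The pattern the report describes: request input echoed as-is.
function render_id_field_unsafe(string $id): string
{
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Fix 1: encode for the HTML attribute context at the point of output.
// ENT_QUOTES encodes both quote styles, so the attribute cannot be closed.
function render_id_field_encoded(string $id): string
{
    $safe = htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $safe . '">';
}

// Fix 2: validate at the point of input. Anything that is not a positive
// integer is rejected (null), so the caller can answer with HTTP 400.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs: a normal id and the payload quoted in the report.
$samples = ['42', '"><script>alert (" ace ")</script>'];

foreach ($samples as $raw) {
    $id = parse_id($raw);
    echo "input:     $raw\n";
    echo "unsafe:    " . render_id_field_unsafe($raw) . "\n";
    echo "encoded:   " . render_id_field_encoded($raw) . "\n";
    echo "validated: "
        . ($id === null ? 'rejected' : render_id_field_encoded((string) $id))
        . "\n\n";
}
```

Output encoding is the control to keep even when validation is in place, because it still holds on any code path that forgets to validate.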