Skip to content

Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & session cookie via unauthenticated victim clicking malicious URL and entering credentials.

License

boku7/StockManagement-XSS-Login-CredHarvester

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

Stock Management System v1.0 - Cross-Site Scripting Credential Harvester (Login-Portal)

Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)

Vulnerability Statistics
  • OWASP Top Ten 2017: A7:2017-Cross-Site Scripting (XSS)
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Type 1: Reflected XSS
  • CWE-523: Unprotected Transport of Credentials
  • CVSS Base Score: 6.4
  • Impact Subscore: 4.7
  • Exploitability Subscore: 1.6
  • CVSS v3.1 Vector:
    • AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Vulnerability Description:

  • Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & session cookie via unauthenticated victim clicking malicious URL and entering credentials.

Vendor Info

About

Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & session cookie via unauthenticated victim clicking malicious URL and entering credentials.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages