Skip to content

Latest commit

 

History

History

Accounting-Journal-Management

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

Description:

The Accounting-Journal-Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking, the parameter firstname from manage_user app is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network - external domains. He can send the already stolen cookie-session-id - PHPSESSID to other malicious users and then they can attack brutally this system, it depends on the scenarios.

Status: Medium

Reproduce:

href

Proof and Exploit:

href