Created September 14, 2023 07:55
Gist: Arajawat007/7024d41cad58791faa90390838b0c71b
CVE-2023-42257
Exploit Title: Simple Book Catalog App Using PHP with Source Code - XSS (Cross-Site Scripting)
Vendor Homepage: https://www.sourcecodester.com/
Software Link: https://www.sourcecodester.com/php/16792/php-simple-book-catalog-app-free-source-code.html
Tested On: Linux
Attack Type: Local
Steps to Reproduce -
1. Visit https://localhost/book-catalog-app/
2. Click on "Add Book"
3. After clicking on "Add Book", you are redirected to the URL: https://localhost/book-catalog-app/index.php
4. Use this payload: <script>alert(123)</script>
5. Put the XSS payload ( <script>alert(123)</script> ) in the "Book Title" section
6. Click on Add Book
7. The page reflects the value 123.
Reference: CVE-2023-42257
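Mitigation sketch for the "Book Title" field, added here as an example and not taken from the application's source, which this page does not show: the unencoded output pattern that lets the payload from step 4 execute, beside the same output encoded with htmlspecialchars(). The function names and the 200-byte length limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the app's book-list rendering (assumed names).

// Vulnerable pattern: the submitted title is written into HTML unchanged.
function render_title_unsafe(string $title): string
{
    return '<td>' . $title . '</td>';
}

// Hardened pattern: encode for the HTML context at output time.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td>' . $encoded . '</td>';
}

// Input-side hygiene (defence in depth, not a replacement for encoding):
// strip control characters, reject empty, over-long or invalid UTF-8 titles.
function normalize_title(string $raw, int $maxBytes = 200): ?string
{
    // preg_replace() with /u returns null on invalid UTF-8, rejected below.
    $title = trim(preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '');
    if ($title === '' || strlen($title) > $maxBytes) {
        return null;
    }
    return $title;
}

// Constructed sample input: the proof-of-concept string from step 4.
$submitted = '<script>alert(123)</script>';

$title = normalize_title($submitted);
if ($title === null) {
    exit("title rejected\n");
}

$unsafe = render_title_unsafe($title);
$safe   = render_title_safe($title);

// Self-check: the encoded output must not contain a live <script> tag.
if (stripos($safe, '<script') !== false) {
    throw new RuntimeException('output encoding failed');
}

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
```

Encoding belongs at every place the title is written into HTML, because a value stored before the fix stays in the database unencoded.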