@enferas
Last active January 21, 2023 12:17
XSS in Hotel Management System

CVE-2023-23025 is assigned.

Link: https://www.sourcecodester.com/php-codeigniter-hotel-management-system-source-code

There are 22 XSS vulnerabilities in this project.

User-controlled input (the sources) is saved to the database and later printed in the view files without sanitization, so the result is stored XSS.

For example,

// In application/controllers/restaurant.php
$restaurantName = $this->input->post("restaurantName");
$restaurantOpenTime = $this->input->post("restaurantOpenTime");
$restaurantCloseTime = $this->input->post("restaurantCloseTime");
$restaurantDetails = $this->input->post("restaurantDetails");
$tableCount = $this->input->post("tableCount");
$this->restaurant_m->addRestaurant($restaurantName, $restaurantOpenTime, $restaurantCloseTime, $restaurantDetails, $tableCount);

// In application/views/restaurant/edit.php
<input type="text" id="restaurantName" name="restaurantName" required value="<?=$restaurant->restaurant_name?>" placeholder="Restaurant Name"/>
<textarea type="text" id="restaurantDetails" name="restaurantDetails" required placeholder="restaurant Details">
 <?=$restaurant->restaurant_details?>
</textarea>
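The two view lines above interpolate stored values with `<?= ... ?>` and no escaping, which is the whole defect. The following is an added example, not code from the gist or from the Hotel Management System project: it reproduces the vulnerable rendering of the `restaurantName` input and the `restaurantDetails` textarea next to a hardened version that escapes at the output point, and runs as a plain PHP script with no CodeIgniter runtime. The stored value, the function names (`renderUnsafe`, `renderSafe`, `leaksMarkup`) and the markup template are assumptions made for the example.

```php
<?php
// Added example (not the gist's or the project's code).
// Constructed sample of a value that reached the database through
// application/controllers/restaurant.php. A harmless marker is used; what matters
// is that the quote, the angle brackets and the closing </textarea> survive storage.
$storedName    = '"><b>marker</b>';
$storedDetails = "details</textarea><b>marker</b>";

// Vulnerable rendering: mirrors application/views/restaurant/edit.php, where
// the value is concatenated into the markup exactly as stored.
function renderUnsafe(string $name, string $details): string
{
    return '<input type="text" name="restaurantName" value="' . $name . '"/>' . "\n"
         . '<textarea name="restaurantDetails">' . $details . '</textarea>';
}

// Hardened rendering: escape each value where it is emitted into HTML.
// In CodeIgniter 3 this is html_escape($value), which wraps htmlspecialchars()
// with ENT_QUOTES, so the same call works for attribute values and element text.
function renderSafe(string $name, string $details): string
{
    $n = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $d = htmlspecialchars($details, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="restaurantName" value="' . $n . '"/>' . "\n"
         . '<textarea name="restaurantDetails">' . $d . '</textarea>';
}

// A crude audit check for a rendered view: does the output contain more '<'
// characters than the template itself wrote? Any surplus came from the data,
// meaning stored content was emitted as markup rather than as text.
function leaksMarkup(string $html, string $template): bool
{
    return substr_count($html, '<') > substr_count($template, '<');
}

// The template with empty values, used as the baseline for the check.
$template = renderSafe('', '');

$unsafe = renderUnsafe($storedName, $storedDetails);
$safe   = renderSafe($storedName, $storedDetails);

echo "unsafe:\n$unsafe\n\n";
echo "safe:\n$safe\n\n";

// In the unsafe output the quote closes the value attribute early and the stored
// </textarea> closes the element, so the stored <b> tags become real elements.
// In the safe output they are entity-encoded and stay inside the attribute and
// the textarea as literal text.
echo 'unsafe leaks markup: ' . (leaksMarkup($unsafe, $template) ? 'yes' : 'no') . "\n";
echo 'safe leaks markup:   ' . (leaksMarkup($safe, $template) ? 'yes' : 'no') . "\n";
```

Escaping belongs in the view, per output context, rather than on the way into the database: the same stored string is safe in an HTML attribute, in element text and in a `<textarea>` only if it is encoded for HTML at each of those points. CodeIgniter 3's `$this->input->post("restaurantName", TRUE)` applies its `xss_clean` filter on input, but that is a blacklist and does not replace output escaping with `html_escape()` in `edit.php` and the other affected views.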