Created
June 5, 2022 17:16
-
-
Save mayank-s16/19b22b3b356646dce2639a9400f3f7d9 to your computer and use it in GitHub Desktop.
Simple Bakery Shop Management System in PHP MySQL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Description: | |
The Bakery Shop Management System is a simple web-based application platform for bakery shops that | |
can help them to manage their stocks and day-to-day transaction with their customers. | |
# Vulnerability Name: Cross site scripting (XSS) in Simple Bakery Shop Management System | |
# Vulnerable URL: http://localhost/bsms/?page=manage_account | |
# Parameters Vulnerable: Full Name, Username | |
# Payload Used: "><script>alert("XSS")</script> | |
# Steps to reproduce: | |
1. Login with admin credential. | |
2. Navigate to 'Manage Account'. | |
3. Insert XSS payloads in input fields 'Full Name' and 'Username'. | |
4. Click on Update. | |
5. XSS payloads trigger automatically while user visits this page again. | |
# References | |
Vendor URL: https://www.campcodes.com/ | |
Software URL: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment