Computer Laboratory Management System using PHP and MySQL 1.0

Submitter: Kha Do

Vulnerability

Cross Site Scripting

Description

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.

Affected component

Path URL: /php-lms/classes/Users.php?f=save

Parameters: firstname, middlename, lastname

POC

Input payload <script>alert(123)</script> into firstname parameter and save it.

After saving, the pop-up windows like will appear:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Computer Laboratory Management System using PHP and MySQL 1.0

Submitter: Kha Do

Vulnerability

Description

Affected component

POC

Files

README.md

Latest commit

History

README.md

File metadata and controls

Computer Laboratory Management System using PHP and MySQL 1.0

Submitter: Kha Do

Vulnerability

Description

Affected component

POC