[webapps] CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
Online Railway Reservation System 1.0 contains an XSS vulnerability that allows an attacker to inject JavaScript code and steal user data. Entering a specific payload triggers an alert that displays the user's cookies. The fix requires sanitizing and validating input. 2025-4-10 00:0:0 Author: www.exploit-db.com

# Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0
# Date: 2024-08-15
# Exploit Author: Raj Nandi
# Vendor Homepage: https://codeastro.com/
# Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Any OS
# CVE: CVE-2024-7815

## Description:
A Cross-Site Scripting (XSS) vulnerability exists in Online Railway Reservation
System 1.0. It allows an attacker to inject arbitrary JavaScript that is
executed in the context of the victim user's browser session.

## Proof of Concept (PoC):
1. Navigate to [vulnerable page or input field].
2. Input the following payload: `<script>alert(document.cookie)</script>`
3. Upon execution, the script will trigger and display the user's cookies
in an alert box.

## Mitigation:
To prevent this vulnerability, ensure that all user input is validated on
receipt and properly sanitized or encoded for its output context before it is
reflected back into the web page.
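The following is an added PHP example, not code from the advisory or from the CodeAstro project. It contrasts raw reflection of a request parameter with context-appropriate output encoding and allow-list validation, and sets the HttpOnly flag so that the session cookie shown in the PoC is not readable from script; the function names and the search-field scenario are assumptions for illustration.

```php
<?php
// Added example (hypothetical handler); not the project's own code.
// Defence in depth: the session cookie is not exposed to document.cookie
// even if an XSS bug slips through elsewhere.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);

// Vulnerable pattern: the parameter is written straight into the HTML body,
// so the PoC payload <script>alert(document.cookie)</script> executes.
function render_vulnerable(string $query): string {
    return "<p>Search results for: $query</p>";
}

// Hardened pattern: encode for the HTML body context. ENT_QUOTES also encodes
// ' and " (needed when the value lands inside an attribute), and the explicit
// UTF-8 charset avoids encoding-dependent bypasses.
function render_safe(string $query): string {
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Search results for: $encoded</p>";
}

// Allow-list validation at the input boundary: a train or station search
// (assumed field) only needs letters, digits, spaces and a little punctuation.
// Returns null for anything else so the caller can reject the request.
function validate_search_query(string $query): ?string {
    return preg_match('/^[A-Za-z0-9 .,\-]{1,64}$/', $query) === 1 ? $query : null;
}

// Constructed sample inputs: the PoC payload and a benign query.
$payload = '<script>alert(document.cookie)</script>';
$benign  = 'Rajdhani Express';

echo render_vulnerable($payload), PHP_EOL; // script tag emitted verbatim
echo render_safe($payload), PHP_EOL;       // &lt;script&gt;... shown as text
var_dump(validate_search_query($payload)); // NULL: rejected before rendering
var_dump(validate_search_query($benign));  // string(16) "Rajdhani Express"
```

Apply the encoding at every point where the value is written out, not once at input time, because the same value may later be placed in an attribute, a JavaScript string or a URL, each of which needs its own encoder.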

Article source: https://www.exploit-db.com/exploits/52159