Cross-Site Scripting Vulnerable #13

Open
khanhdlq opened this issue Jun 5, 2024 · 0 comments

khanhdlq commented Jun 5, 2024

We have identified a critical security issue on our website: a Stored XSS (Cross-Site Scripting) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access to sensitive information, unauthorized actions on the website, or complete control over users' browsers.

Function /admin: System, Utility event, , content, marketing, member, merchandise

  • When you add or edit some content to
<img src=x onerror=alert(1)>

it will pop up an alert box -> we can use that to do everything that JavaScript can do (steal the admin's cookie, redirect to other websites, ...)
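
The rendering flaw behind the report above and its fix, as an added example that is not part of the original issue or the project's code. The record shape and the function names (`renderUnsafe`, `renderSafe`, `html`, `escapeHtml`, `containsInjectedTag`) are hypothetical; the stored value is the string quoted in the issue.

```javascript
// Added example: hypothetical rendering code, not taken from the project.
// Constructed sample record; `content` is the value quoted in the issue.
const storedRecord = {
  title: 'Summer sale',
  content: '<img src=x onerror=alert(1)>',
};

// Vulnerable pattern: stored text is concatenated into markup unchanged,
// so the browser parses it as an element and runs its onerror handler.
function renderUnsafe(record) {
  return '<article><h2>' + record.title + '</h2><div>' +
    record.content + '</div></article>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that are significant in HTML text nodes and
// quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escape-by-default tagged template: literal parts are trusted markup,
// every interpolated value is encoded before it is joined in.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Hardened pattern: the same record is shown as inert text.
function renderSafe(record) {
  return html`<article><h2>${record.title}</h2><div>${record.content}</div></article>`;
}

// Regression check for a test suite: did a stored value become an element?
function containsInjectedTag(markup) {
  return /<img\b/i.test(markup);
}
```

Output encoding has to be applied on every page that displays these fields, not only in the admin form where they are entered.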
