Headline
CVE-2022-2800: Record4/Gym management system project - ClickJacking exists on multiple pages.md at main · Blythe-LU/Record4
A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206246 is the identifier assigned to this vulnerability.
Permalink
Cannot retrieve contributors at this time
Gym management system project - ClickJacking exists on multiple pages
College Attendance System (CAS) Posted by SourceCodester is vulnerable to ClickJacking.
Attackers can use this vulnerability to deceive users to click, causing losses to individuals and platforms.
The following pages are paths without the secure X-Frame-Options header:
/mygym/login.php
/mygym/signup.php
/mygym/admin/login.php
/mygym/admin/add_exercises.php
/mygym/admin/add_trainers.php
/mygym/admin/index.php
The following takes /mygym/login.php as an example
To detect whether there is a ClickJacking vulnerability, here we find that the response packet does not contain the X-Frame-Options: deny field, then we can construct an HTML file locally and use an iframe to include this page
We can successfully load this page
Link
https://www.sourcecodester.com/php/15515/gym-management-system-project-php.html