Headline
CVE-2023-31816: GitHub - TzssZ/Content-Management-System-v1.0-has-Cross-site-Scripting-XSS-: Content Management System In PHP With Source Code has Cross-site Scripting (XSS)
IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php.
Content-Management-Systemv1.0-has-Cross-site-Scripting-XSS-
Content Management System In PHP With Source Code has Cross-site Scripting (XSS)
Vul_Author: TzssZ
vendors: https://itsourcecode.com/free-projects/php-project/content-management-system-in-php-with-source-code/
Vulnerability File: /ecodesource/search_list.php
Vulnerability location: POST /ecodesource/search_list.php HTTP/1.1\r\n
[+] Payload: <script>alert(document.cookie)</script>
Tested on Windows 10, phpStudy
There is an example with alert:
When you enter the system,click ‘search’
input a XSS script in input boxes,such as "<script>alert(document.cookie)</script>",it will expose cookie.
click search,and you will obtain its cookie.