# Exploit Title: CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
# Date: 2024-08-15
# Exploit Author: Raj Nandi
# Vendor Homepage: https://codeastro.com/
# Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Any OS
# CVE: CVE-2024-7815

## Description:
A Cross-Site Scripting (XSS) vulnerability exists in [Application Name/Version]. This vulnerability allows an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session.

## Proof of Concept (PoC):
1. Navigate to [vulnerable page or input field].
2. Input the following payload: `<script>alert(document.cookie)</script>`
3. Upon execution, the script will trigger and display the user's cookies in an alert box.

## Mitigation:
To prevent this vulnerability, ensure that all user input is validated when it is received and properly escaped (output-encoded for the HTML context it lands in) before it is reflected back into the page.
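The mitigation above, shown as an added PHP example (this is not code from the CodeAstro application or from the advisory author): the vulnerable "echo the input straight back" pattern next to its hardened form, checked against the advisory's own PoC payload. The request parameter name `station`, the page fragment and the CSP value are assumptions for illustration; the application's real field names are not given on this page.

```php
<?php
// Added example, not CodeAstro's code. Requires PHP 8.0+ (str_contains).

// Vulnerable pattern: user input written into HTML unchanged, so the PoC
// payload becomes live markup in the victim's browser.
function render_unsafe(string $station): string
{
    return "<p>Results for: " . $station . "</p>";
}

// Hardened pattern: encode for the HTML text-node context before reflecting.
// ENT_QUOTES also encodes ' and " (safe inside quoted attributes);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_safe(string $station): string
{
    $encoded = htmlspecialchars($station, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<p>Results for: " . $encoded . "</p>";
}

// Defence in depth: a CSP without 'unsafe-inline' stops an injected inline
// <script> even if one output site is missed. Hypothetical policy; widen the
// source lists to the application's real script/style origins.
function send_security_headers(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
    header('X-Content-Type-Options: nosniff');
}

// Self-check with the advisory's PoC payload (constructed input).
$payload = '<script>alert(document.cookie)</script>';
$safe = render_safe($payload);
if (str_contains($safe, '<script>') || !str_contains($safe, '&lt;script&gt;alert(document.cookie)&lt;/script&gt;')) {
    throw new RuntimeException('output encoding failed');
}

if (PHP_SAPI === 'cli') {
    // Demonstrate the difference on the command line.
    echo "unsafe: ", render_unsafe($payload), PHP_EOL;
    echo "safe:   ", $safe, PHP_EOL;
} else {
    // Web context: headers first, then the encoded reflection of the hypothetical field.
    send_security_headers();
    echo render_safe((string) ($_GET['station'] ?? ''));
}
```

Encoding must match the context the value is written into: `htmlspecialchars` covers HTML text and quoted attributes, but a value placed inside a `<script>` block or a URL needs that context's encoder instead.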