Vendor Homepage: https://www.sourcecodester.com/
Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html
Zoo Management System 1.0 is vulnerable to reflected cross-site scripting (XSS) on the sign-up page. The affected parameter is "msg" in 'http://localhost/public_html/register_visitor?msg='.
An attacker could steal cookies by sending a crafted URL to a victim.
Visit the following page:

http://localhost/public_html/register_visitor?msg=<script>alert(window.navigator.userAgent)</script>

An alert pop-up fires.
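
Mitigation sketch, added here as an example and not taken from the Zoo Management System source: a hypothetical register_visitor handler that maps "msg" to a fixed set of notices and HTML-encodes whatever it prints. The NOTICES catalogue, the function names, the CSP value and the cookie settings are assumptions for illustration.

```php
<?php
// Added example, not the application's own code: a hypothetical handler
// for register_visitor that handles the "msg" query parameter safely.
declare(strict_types=1);

// Assumed catalogue: the page only ever needs to show known notices.
const NOTICES = [
    'registered' => 'Registration successful. You can now sign in.',
    'exists'     => 'That e-mail address is already registered.',
    'invalid'    => 'Please fill in all required fields.',
];

/** Encode untrusted text for an HTML element body or a quoted attribute. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Map the raw parameter to a fixed notice; unknown values yield no notice. */
function notice_from_query(array $query): ?string
{
    $key = $query['msg'] ?? null;
    if (!is_string($key)) {           // also rejects msg[]=... array input
        return null;
    }
    return NOTICES[$key] ?? null;
}

/** Render the notice block; encoded on output even for catalogue text. */
function render_notice(?string $notice): string
{
    return $notice === null ? '' : '<p class="notice">' . html($notice) . '</p>';
}

if (PHP_SAPI !== 'cli') {
    // Defence in depth: block inline script, keep the session cookie away from JS.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
    echo render_notice(notice_from_query($_GET));
} else {
    // Constructed inputs: a known key, then the markup string from the advisory.
    $payload = '<script>alert(window.navigator.userAgent)</script>';
    var_dump(render_notice(notice_from_query(['msg' => 'registered'])));
    var_dump(render_notice(notice_from_query(['msg' => $payload]))); // no notice
    var_dump(html($payload)); // inert text, if free text ever has to be shown
}
```

Run from the command line, the script prints the rendered notice for a known key, an empty string for the advisory's payload, and the encoded form of that payload. The script-src 'self' policy assumes the page does not rely on inline scripts of its own.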