kishan0725/Hospital-Management-System

Persistent cross-site scripting (XSS) targeted towards web admin through /admin-panel1.php via the parameter doctor.


Add the doctor info payload to the Doctor Name field of the Add Doctor page to target /admin-panel1.php, then use Burp Suite to get the request data and change the 'doctor' parameter to the XSS payload: <sCrIpT>alert(1234)</ScRiPt>

Proof of concept (PoC):

<sCrIpT>alert(1234)</ScRiPt>
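
A mitigation sketch for the behaviour reported above, as an added example that is not part of the original report or the project's code: it renders a stored doctor name without and with output encoding. The function names, the name policy and the sample record are hypothetical; only the `doctor` parameter name and the payload come from the report.

```php
<?php
declare(strict_types=1);

// Added example: not code from Hospital-Management-System.
// All function names below are hypothetical.

// HTML-encode a value for element content or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value is written into the page as-is, so markup in
// the doctor name is parsed by the admin's browser on every page view.
function render_doctor_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['doctor'] . '</td></tr>';
}

// After: the same row, encoded at output time. Mixed-case tags make no
// difference because every '<', '>', '&' and quote is encoded.
function render_doctor_row_safe(array $row): string
{
    return '<tr><td>' . e($row['doctor']) . '</td></tr>';
}

// Input-side check applied on the server before the INSERT. Assumed
// policy: a name starts with a letter and contains only letters,
// spaces, dots, apostrophes and hyphens, 64 characters at most.
function is_valid_doctor_name(string $name): bool
{
    return preg_match('/^\p{L}[\p{L} .\'\-]{0,63}$/u', $name) === 1;
}

// Constructed record holding the payload from the report.
$row = ['doctor' => '<sCrIpT>alert(1234)</ScRiPt>'];

echo render_doctor_row_unsafe($row), PHP_EOL;
echo render_doctor_row_safe($row), PHP_EOL;
var_dump(is_valid_doctor_name($row['doctor']));
var_dump(is_valid_doctor_name("Dr. O'Neil-Smith"));
```

The server-side name check reduces what can be stored, but the encoding at output time is what keeps already-stored values from being parsed as markup.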