all InfoSec news
How I found CVE-2022–40088
System Weakness - Medium systemweakness.com
Hey Squad,
Today I will be telling you guys how I found CVE-2022–40088.
Simple College Website 1.0 allows a user to perform Reflected Cross-site scripting via /college_website/index.php?page= when sending Javascript code to the “page” parameter.
Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html
Source Code: https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip
Photo by Muha Ajjan on Unsplash
Identification
When I sent a random text to the endpoint “/college_website/index.php?page=<random_text>”, I observed that it was added to the response HTML without any encoding.
Burp Req/Res
Hacking
From the Response of the Burp, …