Reflected XSS on ID parameter in unilogies/bumsys
Oct 30th 2022
<input type="hidden" name="accounts_id" value="<?php echo $_GET['id']; ?>">
Proof of Concept
- Perform any action within the application that the user can perform.
- View any information that the user is able to view.
- Modify any information that the user is able to modify.
- Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
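A hardened form of the hidden `accounts_id` field shown above, as an added example that is not code from the bumsys project or from this report: the value is validated, then encoded for an HTML attribute before it is written out. The helper names, the sample inputs, and the assumption that `id` is a positive integer are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added example, not bumsys code. Assumption: accounts_id is a positive integer key.

/** Encode a string for output inside a quoted HTML attribute value. */
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the id as a positive int, or null when the input is anything else. */
function parse_account_id(mixed $raw): ?int
{
    // Arrays (?id[]=1), null and non-numeric strings all fail validation.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Render the hidden field, or an empty string when the id is rejected. */
function render_hidden_account_field(mixed $raw): string
{
    $id = parse_account_id($raw);
    if ($id === null) {
        return ''; // reject instead of reflecting unexpected input
    }
    // Encode on output even though the value is already an int (defence in depth).
    return '<input type="hidden" name="accounts_id" value="' . attr((string) $id) . '">';
}

// In the page this would be: echo render_hidden_account_field($_GET['id'] ?? null);

// Constructed sample inputs: a valid id, a value that tries to close the
// attribute, an array parameter, and a missing parameter.
$samples = ['42', '7" data-x="1', ['42'], null];

foreach ($samples as $raw) {
    $html = render_hidden_account_field($raw);
    echo json_encode($raw), ' => ', $html === '' ? '(rejected)' : $html, PHP_EOL;
}

// If the field had to carry free text, encoding alone keeps it inside the attribute.
echo attr('7" data-x="1'), PHP_EOL;
```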