Web-Based Student Clearance Syst

Web-Based Student Clearance System is vulnerable to a Cross-site scripting(Persistent)

Line 251 of add-student.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.

url:/Admin/add-student.php

Payload :<svg onload=prompt(/xss/)> 

44.png 11.png 22.png 33.png

In this case, the data enters at prepare() in add-student.php at line 243.

The data is included in dynamic content that is sent to a web user without being validated.

In this case, the data is sent at builtin_echo() in add-student.php at line 251.

Download Code: https://www.sourcecodester.com/php/15627/web-based-student-clearance-system.html