### Vulnerability Overview

- **Project Name**: Pharmacy Sales and Inventory System Project V1.0
- **Vulnerability Type**: Cross-Site Scripting (XSS)
- **Affected File**: `/index.php?page=product`
- **Vulnerability Cause**: An attacker can inject malicious script code via the parameter `id`. The system does not properly encode or filter input, allowing malicious scripts to execute in the victim's browser.

### Impact Scope

- **Data Leakage**: Attackers can steal sensitive user information such as cookies, session tokens, etc.
- **Account Takeover**: Attackers can impersonate victims to perform actions such as modifying account information, transferring funds, etc.
- **Page Tampering**: Attackers can alter webpage content to display malicious information.
- **Redirection Attacks**: Attackers can redirect users to malicious websites.
- **System Control**: Attackers may gain partial control over the victim's system.

### Remediation Measures

1. **Output Encoding**:
   - Properly encode user input before rendering it on web pages. Different contexts (e.g., HTML, JavaScript, CSS, URL) require different encoding methods to ensure input is treated as plain text rather than executable code.
2. **Input Validation and Filtering**:
   - Strictly validate and filter user input data. Only allow data that conforms to expected formats, and reject or escape any potentially malicious content such as script tags, event handlers, etc.
3. **Use Content Security Policy (CSP)**:
   - Implement a strict CSP to restrict the sources of executable scripts, preventing unauthorized inline scripts and external scripts from running.
4. **Set Secure Cookie Flags**:
   - For sensitive cookies (e.g., session cookies), set the `HttpOnly` flag to prevent access via JavaScript, and set the `Secure` flag to ensure they are transmitted only over HTTPS, reducing the risk of cookie theft.
5. **Regular Security Audits**:
   - Conduct regular code and system security audits to promptly identify and fix potential XSS vulnerabilities and other security issues.

### POC Code

```html
prompt(xss)
```

### Vulnerability Details

- **Vulnerable Location**: `id` parameter
- **Exploitation Method**: Send a request containing malicious script to `/index.php?page=product` to trigger the XSS vulnerability.

### Screenshot Example

- The screenshot shows a dialog box triggered by exploiting the XSS vulnerability, confirming the existence of the flaw.

### Summary

This vulnerability is a typical XSS issue, where attackers can inject malicious script code to steal sensitive user information, tamper with page content, or redirect users. Remediation measures include output encoding, input validation, use of CSP, setting secure cookie flags, and regular security audits.
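The remediation measures above (input validation of `id`, context-aware output encoding, a CSP header and hardened session-cookie flags) worked through as an added PHP example. This is not code from the report or from the Pharmacy Sales and Inventory System project; the product table, the helper names and the specific header values are assumptions for illustration.

```php
<?php
// Added example, not the project's own code: hardening a product page that
// takes the `id` query parameter. Product data, helper names and header
// values below are assumptions chosen for illustration.

declare(strict_types=1);

// Constructed sample data standing in for a database lookup. The second name
// deliberately contains angle brackets so the encoding step is visible.
const SAMPLE_PRODUCTS = [
    1 => ['name' => 'Amoxicillin 500mg', 'stock' => 120],
    2 => ['name' => 'Ibuprofen <200mg>', 'stock' => 45],
];

// Measure 2, input validation: a product id must be a positive integer.
// Anything else is rejected before it can reach any output context.
function validateProductId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Measure 1, output encoding: one encoder per context. Text placed in the
// HTML body or an attribute and text placed in a JavaScript string literal
// need different treatment.
function encodeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function encodeJs(string $s): string
{
    // JSON encoding with the HEX flags produces a quoted JS string literal in
    // which <, >, &, ' and " are escaped, so it cannot close a <script> block.
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Measures 3 and 4: a restrictive CSP and hardened session-cookie flags.
// Must be called before any output and before session_start().
function sendSecurityHeaders(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
    header('X-Content-Type-Options: nosniff');
    session_set_cookie_params([
        'httponly' => true,   // not readable from JavaScript
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
}

// Builds the page body for an already-validated id. Returning the HTML
// instead of echoing it keeps the function easy to review and unit-test.
function renderProductPage(?int $id, array $products): string
{
    if ($id === null || !isset($products[$id])) {
        // Constant message only: the rejected raw value is never reflected.
        return '<p>Product not found.</p>';
    }
    $p      = $products[$id];
    $name   = encodeHtml($p['name']);   // HTML context
    $jsName = encodeJs($p['name']);     // JavaScript string context
    $stock  = (int) $p['stock'];
    return <<<HTML
<h1>Product {$id}: {$name}</h1>
<p>In stock: {$stock}</p>
<script>var productName = {$jsName};</script>
HTML;
}

// Entry point equivalent to /index.php?page=product&id=...
if (PHP_SAPI !== 'cli') {
    sendSecurityHeaders();
    session_start();
    $id = validateProductId((string) ($_GET['id'] ?? ''));
    echo renderProductPage($id, SAMPLE_PRODUCTS);
} else {
    // CLI walkthrough: a non-numeric id is rejected, a valid id renders with
    // the product name encoded in both the HTML and the script contexts.
    var_dump(validateProductId('1<b>'));
    echo renderProductPage(2, SAMPLE_PRODUCTS), PHP_EOL;
}
```

The key design point is that validation and encoding are separate layers: `validateProductId` narrows `id` to an integer so the parameter itself can never carry markup, and `encodeHtml`/`encodeJs` still encode every value at the point of output (including data that came from the database, such as a product name) because the rendering context, not the data source, decides which encoder applies. The CSP and cookie flags reduce the impact if an encoding step is ever missed elsewhere in the application.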