Short Description
Install and run the source code of the application on localhost, then register from the registration page at the URL workout-journal/index.php. On this page, stored XSS payloads can be entered in the First Name and Last Name fields, which the registration form sends as the first_name and last_name parameters of the request to the /workout-journal/endpoint/add-user.php URL.
Supply the payloads " <script>console.log(document.cookie)</script> " and " <script>console.log(1337) </script> " in the first_name and last_name parameters. After logging in you are redirected to /workout-journal/home.php. Open the browser console there and you can see that the stored XSS is executing; the page source also shows the payloads rendered unmodified. The vulnerability exists because user-supplied data is stored without validation and then written into the page in a way that lets the browser execute it as code.
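As an added illustration that is not part of the application or of this report, the following PHP contrasts the vulnerable rendering pattern described above with an output-encoded version and a name check at registration time; the function names, the greeting markup and the name allow-list are assumptions.

```php
<?php
// Added example (not the Workout Journal code): vulnerable pattern vs. hardened pattern.

// Vulnerable: the value stored by add-user.php is echoed into home.php untouched,
// so a stored "<script>...</script>" runs in every visitor's browser.
function renderGreetingVulnerable(string $firstName, string $lastName): string
{
    return "<h2>Welcome, " . $firstName . " " . $lastName . "!</h2>";
}

// Hardened: encode on output, so the stored string is shown as text, not parsed as markup.
function renderGreetingSafe(string $firstName, string $lastName): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<h2>Welcome, " . $esc($firstName) . " " . $esc($lastName) . "!</h2>";
}

// Defence in depth at registration time: accept only plausible names (letters, marks,
// apostrophe, space, dot, hyphen; 1-50 chars). The allow-list itself is an assumption.
function isValidName(string $name): bool
{
    return (bool) preg_match('/^[\p{L}\p{M}\' .-]{1,50}$/u', $name);
}

// Demo with the two payloads quoted in the report.
$payloads = [
    '<script>console.log(document.cookie)</script>',
    '<script>console.log(1337) </script>',
];
foreach ($payloads as $p) {
    echo "Vulnerable: " . renderGreetingVulnerable('Alice', $p) . PHP_EOL;
    echo "Safe:       " . renderGreetingSafe('Alice', $p) . PHP_EOL;
    echo "Accepted at registration? " . (isValidName($p) ? 'yes' : 'no') . PHP_EOL . PHP_EOL;
}
```

Run it with `php example.php`: the "Safe" line shows `&lt;script&gt;` instead of a live tag, and both payloads are rejected by the name check.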
PoC
Register Request to /workout-journal/endpoints/add-user.php
You can see the request by using the Burp Suite proxy.
This request returns a 200 response and the website shows an alert saying “Account Successfully Registered!”.
After that, go to the login page and log in to the system with the username and password.
You can then see in the console that the payloads have executed.
You can see the request and response for /workout-journal/home.php.