mahmoudai1 School Management System
cpe:2.3:a:school_management_system_project:school_management_system:*:*:*:*:*:*:*
- 1.0
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in School Management System version 1.0, developed by mahmoudai1. This vulnerability allows unauthenticated remote attackers to execute arbitrary JavaScript in the browsers of victims. The issue arises from the unsanitized 'type' parameter in 'register.php', which is reflected without proper escaping. Exploitation of this vulnerability could lead to session hijacking, phishing, or malware distribution.
Exploitation requires no authentication and allows session hijacking through cookie theft, injection of phishing forms, and distribution of malware via redirects.
To reproduce this vulnerability, send a request to 'register.php' with a 'type' parameter containing unescaped JavaScript, such as a script tag. The injected script will execute in the context of the user's browser.
To address this vulnerability, sanitize the 'type' parameter by using 'htmlspecialchars' before outputting it. This can be done by replacing the current echo statements in 'register.php' with 'echo htmlspecialchars(ucfirst($_REQUEST['type']), ENT_QUOTES, 'UTF-8');' for line 22 and 'echo htmlspecialchars($_REQUEST['type'], ENT_QUOTES, 'UTF-8');' for line 26.
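The fix described above, as an added PHP example (not the project's own register.php code; requires PHP 8). The helper names esc_type and normalize_type, the ALLOWED_TYPES values, the ENT_SUBSTITUTE flag and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allow-list; the advisory does not say which values 'type' accepts.
const ALLOWED_TYPES = ['student', 'teacher'];

/** Escape a request value for HTML text or quoted-attribute context. */
function esc_type(mixed $raw, bool $capitalize = false): string
{
    // $_REQUEST['type'] may be absent or an array (?type[]=x); treat both as empty.
    $value = is_string($raw) ? $raw : '';
    if ($capitalize) {
        $value = ucfirst($value);
    }
    // ENT_QUOTES encodes both ' and ". ENT_SUBSTITUTE (an addition to the
    // advisory's fix) replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Optional second layer: map any unexpected value to a default. */
function normalize_type(mixed $raw, string $default = 'student'): string
{
    return (is_string($raw) && in_array($raw, ALLOWED_TYPES, true)) ? $raw : $default;
}

// Constructed sample inputs standing in for $_REQUEST['type'].
$samples = [
    'teacher',                    // expected value
    '<script>alert(1)</script>',  // markup that must come out inert
    'a"b\'c',                     // both quote styles, for attribute context
    ['nested'],                   // array input from ?type[]=nested
];

foreach ($samples as $raw) {
    printf(
        "%-32s escaped=%-42s normalized=%s\n",
        json_encode($raw),
        esc_type($raw, true),   // capitalized form, as on line 22
        normalize_type($raw)
    );
}
```

Escaping at the point of output is what closes the reflection; the allow-list is defence in depth and only applies if the set of valid 'type' values is known.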