It is observed that the application is not sanitizing the user supplied input(URI) before reflecting the same in the response. When an attacker tries to inject the XSS payloads via URI i.e. he/she is greeted with the following error
"PHP_SELF mismatch PATH(URI)"
So my payload will be something like this
GetSimpleCMS-master/index.php/XSS_PAYLOAD
Note: This scenario is observed throughout the application.
Hai,
It is observed that the application is not sanitizing the user supplied input(URI) before reflecting the same in the response. When an attacker tries to inject the XSS payloads via URI i.e. he/she is greeted with the following error "PHP_SELF mismatch PATH(URI)"
So my payload will be something like this GetSimpleCMS-master/index.php/XSS_PAYLOAD
Note: This scenario is observed throughout the application.