Online car rental system 1.0 stored cross site scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2021-02-09 |
Type : webapps |
Platform : php
This exploit / vulnerability (Online car rental system 1.0 stored cross site scripting) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Online Car Rental System 1.0 - Stored Cross Site Scripting
# Date: 9/2/2021
# Exploit Author: Naved Shaikh
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html
# Version: V 1.0
# Tested on Windows 10, XAMPP
Steps:
1) Open http://localhost/car-rental/admin/post-avehical.php
2) Fill in all the details on the page. After submitting, capture the request, change the "vehicalorcview" parameter to our payload "<script>alert("CAR")</script>", and submit.
3) Open http://localhost/car-rental/ and our payload is executed.
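
Mitigation sketch for the steps above, as an added example that is not code from Online Car Rental System or from the exploit author: it shows the stored "vehicalorcview" value rendered without and with output encoding. The function names and the sample row are hypothetical; only the parameter name and the payload come from this page.

```php
<?php
// Added example. render_overview_unsafe(), render_overview_safe() and
// validate_overview() are hypothetical names, not the application's own code.
// Only the "vehicalorcview" field and the sample payload come from the advisory.

// "Before": the stored value is concatenated into the page as-is, so any
// markup it contains is parsed by every visitor's browser.
function render_overview_unsafe(array $vehicle): string
{
    return '<p class="overview">' . $vehicle['vehicalorcview'] . '</p>';
}

// "After": encode for the HTML context at output time. ENT_QUOTES also covers
// the case where the same value ends up inside a quoted attribute.
function render_overview_safe(array $vehicle): string
{
    $text = htmlspecialchars($vehicle['vehicalorcview'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="overview">' . nl2br($text) . '</p>';
}

// Server-side check for the form handler. This is a second layer only:
// free text legitimately contains "<" and quotes, so the fix is the encoding above.
function validate_overview(string $input, int $maxBytes = 2000): string
{
    $input = trim($input);
    if ($input === '' || strlen($input) > $maxBytes) {
        throw new InvalidArgumentException('overview is empty or too long');
    }
    if (preg_match('//u', $input) !== 1 || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $input)) {
        throw new InvalidArgumentException('overview is not clean UTF-8 text');
    }
    return $input; // stored verbatim; encoding happens when it is rendered
}

// Constructed sample row holding the payload from step 2.
$row = ['vehicalorcview' => validate_overview('<script>alert("CAR")</script>')];

echo render_overview_unsafe($row), "\n"; // markup reaches the browser intact
echo render_overview_safe($row), "\n";   // markup is emitted as inert text
```

The payload passes validate_overview() because it is well-formed text, which is why the encoding has to happen wherever the value is written into HTML, on the public page as well as in the admin views.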