Car Rental System 2.6 Cross Site Scripting ↭ – Digitalmunition

Exploit/Advisories no-image-featured-image.png

Published on April 7th, 2020 📆 | 2576 Views ⚑


Car Rental System 2.6 Cross Site Scripting ↭

# Exploit Title: Car Rental System 2.6 XSS Vunlerability
# Google Dork:N/A
# Date: 2020-04-04
# Exploit Author: @ThelastVvV
# Vendor Homepage:
# Version: 2.6
# Tested on: 5.4.0-kali4-amd64



Persistent Cross-site Scripting in Customer registration-form all-tags

PoC 1:

1- Go to the car renting page then choose new customor

2- In “any ” field of registration form type your payload :

3-then hit CONTINUE

4- Once the admin logs into the admin home page … the admin will be xssed


XSS can lead to adminstators/users’s Session Hijacking, and if used in conjunction with a social engineering attack it can also lead to disclosure of sensitive data, CSRF attacks and other critical attacks on administrators directly.


Source link

Tagged with:

Leave a Reply

Your email address will not be published. Required fields are marked *