| Title | Online Motorcycle (Bike) Rental System - Stored XSS |
|---|
| Description | # Exploit Title: Online Motorcycle (Bike) Rental System - Stored XSS
# Exploit Author: Velican
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html
# Software Link: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html
# Version: v1.0
# Tested on: Parrot GNU/Linux 4.10, Apache
Description:-
A Stored XSS issue in Online Motorcycle (Bike) Rental System v1.0 allows injection of arbitrary JavaScript in the Listing Bike Model name parameter.
Payload used:-
`"><script>confirm (document.cookie)</script>`
Parameter:-
`"Model":"><script>confirm (document.cookie)</script>`
Steps to reproduce:-
1. First log in to any admin account.
2. Go to http://localhost/bike_rental/admin/?page=bike
3. There, go to "Bike List", edit the "Model" field and put your payload in it.
4. Now fill in the other details and save.
5. You can see our XSS payload was triggered. |
|---|
| User | VELICAN (UID 55507) |
|---|
| Submission | 14/10/2023 11:23 AM (3 years ago) |
|---|
| Moderation | 14/10/2023 01:06 PM (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 242170 [SourceCodester Online Motorcycle Rental System 1.0 Bike List /admin/?page=bike Model cross site scripting] |
|---|
| Points | 17 |
|---|
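
The fix for the stored "Model" value reported above is context-aware encoding when the value is written back into the page. The following is an added example, not code from the submission or from the vendor's project; the function names, the form markup and the allow-list policy are assumptions, since the application's templates are not shown here.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the application's real templates are not shown on the page.

/** Vulnerable pattern: the stored value is concatenated into an attribute verbatim. */
function render_model_field_unsafe(string $model): string
{
    return '<input type="text" name="model" value="' . $model . '">';
}

/** Encode for HTML text and quoted-attribute contexts at output time. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: same markup, value encoded before it reaches the page. */
function render_model_field_safe(string $model): string
{
    return '<input type="text" name="model" value="' . e($model) . '">';
}

/** Defence in depth on save: allow-list for model names (assumed policy). */
function is_valid_model(string $model): bool
{
    return preg_match('/\A[\p{L}\p{N} ._\-\/()+]{1,100}\z/u', $model) === 1;
}

// Value from the report, as it would be read back from storage.
$stored = '"><script>confirm (document.cookie)</script>';

// Unsafe rendering: the quote closes the attribute and the markup becomes live.
echo render_model_field_unsafe($stored), PHP_EOL;

// Safe rendering: quotes and angle brackets are emitted as entities,
// so the whole string stays inside the value attribute as text.
echo render_model_field_safe($stored), PHP_EOL;

// Save-time check against the report's value and a constructed benign name.
var_dump(is_valid_model($stored));
var_dump(is_valid_model('Honda CB500X'));
```

Encoding at output is the actual fix; the save-time allow-list only narrows what can be stored. Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`.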