| Titel | Online Motorcycle (Bike) Rental System - Stored XSS |
|---|
| Beschreibung | # Exploit Title: Online Motorcycle (Bike) Rental System - Stored XSS
# Exploit Author: Velican
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html
# Software Link: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html
# Version: v1.0
# Tested on: Parrot GNU/Linux 4.10, Apache
Description:-
A Stored XSS issue in Online Motorcycle (Bike) Rental System v1.0 allows to inject Arbitrary JavaScript in Listing Bike Model name parameter.
`
Payload used:-
"><script>confirm (document.cookie)</script>
`
Parameter:-
"Model":"><script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. First login into any admin account
2. Go to http://localhost/bike_rental/admin/?page=bike
2. In that go to "Bike List" and where you can put your "Model", edit that and put your payload.
3. Now fill the other details and save it.
4. You can see our xss payload was triggered. |
|---|
| Benutzer | VELICAN (UID 55507) |
|---|
| Einreichung | 14.10.2023 11:23 (vor 3 Jahren) |
|---|
| Moderieren | 14.10.2023 13:06 (2 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 242170 [SourceCodester Online Motorcycle Rental System 1.0 Bike List /admin/?page=bike Model Cross Site Scripting] |
|---|
| Punkte | 17 |
|---|