Submission #220632: Online Motorcycle (Bike) Rental System - Stored XSS - Info

Title: Online Motorcycle (Bike) Rental System - Stored XSS

Description:
# Exploit Title: Online Motorcycle (Bike) Rental System - Stored XSS
# Exploit Author: Velican
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html
# Software Link: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html
# Version: v1.0
# Tested on: Parrot GNU/Linux 4.10, Apache

Description:-
A Stored XSS issue in Online Motorcycle (Bike) Rental System v1.0 allows injection of arbitrary JavaScript in the Listing Bike Model name parameter.

Payload used:-
"><script>confirm (document.cookie)</script>

Parameter:-
"Model":"><script>confirm (document.cookie)</script>

Steps to reproduce:-
1. First log in to any admin account
2. Go to http://localhost/bike_rental/admin/?page=bike
2. In that go to "Bike List" and where you can put your "Model", edit that and put your payload.
3. Now fill the other details and save it.
4. You can see our XSS payload was triggered.
User: VELICAN (UID 55507)
Submission: 2023-10-14 11:23 AM (3 years ago)
Moderation: 2023-10-14 01:06 PM (2 hours later)
Status: Accepted
VulDB entry: 242170 [SourceCodester Online Motorcycle Rental System 1.0 Bike List /admin/?page=bike Model cross site scripting]
Points: 17
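
The fix for this class of finding is to encode the stored Model value whenever it is written into HTML. The PHP below is an added example, not code from the application or from the submitter; the function names and the markup of the edit form and list cell are assumptions, since the page does not show the application's source.

```php
<?php
declare(strict_types=1);

// Constructed sample: the Model value from the report, as it would sit in the database.
const STORED_MODEL = '"><script>confirm (document.cookie)</script>';

// Assumed vulnerable pattern (hypothetical, not the application's source):
// the stored value is concatenated into an attribute without encoding.
function render_model_input_unsafe(string $model): string
{
    return '<input type="text" name="model" value="' . $model . '">';
}

// Encode at output time for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_model_input_safe(string $model): string
{
    return '<input type="text" name="model" value="' . e($model) . '">';
}

function render_model_cell_safe(string $model): string
{
    return '<td>' . e($model) . '</td>';
}

// Regression check: the rendered markup must not contain a live <script> tag,
// and decoding the encoded value must give back exactly what was stored.
function has_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$views = [
    'edit form, unencoded' => render_model_input_unsafe(STORED_MODEL),
    'edit form, encoded'   => render_model_input_safe(STORED_MODEL),
    'list cell, encoded'   => render_model_cell_safe(STORED_MODEL),
];
foreach ($views as $label => $html) {
    printf("%-22s script tag: %-3s %s\n", $label, has_script_tag($html) ? 'yes' : 'no', $html);
}

$roundTrip = html_entity_decode(e(STORED_MODEL), ENT_QUOTES | ENT_HTML5, 'UTF-8');
printf("round trip intact: %s\n", $roundTrip === STORED_MODEL ? 'yes' : 'no');
```

Encoding at output rather than stripping at input also neutralizes rows that were stored before the fix, and the round-trip check confirms the Model text is displayed unchanged.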
