Scroll Top

Vehicle Parking Management System 1.0 – Stored XSS Vulnerability

Vehicle Parking Management System 1.0 – Stored XSS Vulnerability
Snapchat-933464585
5
By Secuneus Tech Blogs January 30, 2021

Bug – 1

Vulnerable Parameter :

  • Add-Category.php
  • Edit-Catergory.php
# Date: 2021-01-30
# Exploit Author: Palvinder Singh
# Vendor Homepage: https://phpgurukul.com/
# Software Link:
https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/
# Software: : Vehicle Parking Management System # Version : 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to Stored XSS vulnerability.
# Vulnerable Targets:
# Vulnerable parameters: ‘Category Name’
# Payload used: ()”><script>alert(‘document.cookie’)</script>
# POC: When you view the details under the Manage Category Tab
# You will see your Javascript code executed.

…other bug(s), will also be updated soon !
Team Secuneus !

 

Secuneus Tech / About Author
More posts by Secuneus Tech
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required