Vehicle Parking Management System 1.0 – Stored XSS Vulnerability

Bug – 1

Vulnerable Pages:

  • Add-Category.php
  • Edit-Catergory.php
# Date: 2021-01-30
# Exploit Author: Palvinder Singh
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/
# Software: Vehicle Parking Management System
# Version: 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to stored XSS.
# Vulnerable Targets:
# Vulnerable parameters: 'Category Name'
# Payload used: ()"><script>alert('document.cookie')</script>
# POC: When you view the details under the Manage Category tab,
# you will see your JavaScript code executed.
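
The fix for this class of bug is to encode the stored category name when it is written into the Manage Category page, and to reject unexpected characters when the category is added or edited. The PHP below is an added example, not code from the application or from the advisory author; the function names, the row layout and the 50-character allow-list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a stored value for an HTML text or attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical input check for the add/edit category forms: allow-list of
// letters, digits, spaces and a few separators, 1 to 50 characters (assumed limit).
function isValidCategoryName(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} ._\-]{1,50}\z/u', $name) === 1;
}

// Unsafe pattern: the stored value is concatenated into the page as-is,
// so markup saved in the database becomes part of the document.
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['name'] . '</td></tr>';
}

// Hardened pattern: every stored value is encoded at output time,
// regardless of what validation happened when it was saved.
function renderRowSafe(array $row): string
{
    return '<tr><td>' . e((string) $row['name']) . '</td></tr>';
}

// Constructed sample rows standing in for the category table.
$rows = [
    ['name' => 'Four Wheeler'],
    ['name' => '()"><script>alert(\'document.cookie\')</script>'], // payload quoted in the advisory
];

foreach ($rows as $row) {
    printf("valid input: %s\n", isValidCategoryName($row['name']) ? 'yes' : 'no');
    printf("unsafe: %s\n", renderRowUnsafe($row));
    printf("safe:   %s\n\n", renderRowSafe($row));
}
```

Output encoding is the control that closes the hole; the allow-list only reduces what reaches the database and does not protect rows that were stored before it was introduced.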

…other bug(s) will also be updated soon!
Team Secuneus!

 
