Onilne Bus Booking System Project 1.0 Cross Site Scripting

2020.12.13
Credit: Krishna Yadav
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: online bus booking system project using PHP MySQL - Stored cross-site scripting # Exploit Author: Krishna Yadav # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html # Version: 1.0 # Tested on Windows 10/Kali Linux # Contact: https://www.linkedin.com/in/krishna-yadav-85aa34b2/ Stored cross-site scripting: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS. Attack Vector: online bus booking system project using PHP MySQL version 1.0 is vulnerable to stored XSS. the home page is vulnerable to XSS. Vulnerable Parameter: http://localhost:85/bus_booking/index.php?page= <Payload> Payload: %22%3E%3C/\/\%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top