Park Ticketing Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
1e843f25a9ae3b474d06c5f3b5494406
# Exploit Title: Park Ticketing Management System 1.0 Stored Cross-Site Scripting Vulnerability
# Date: 2020-01-21
# Exploit Author: Priyanka Samak
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/
# Software: Park Ticketing Management System
# Version : 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on: Windows 10
# This application is vulnerable to stored XSS. This
# Vulnerable script: http://localhost/ptms/normal-search.php
# Vulnerable parameter: ‘search ticket’ Input Field
# Payload used: <script>alert(123)</script>
# POC: At http://localhost/ptms/normal-search.php you can enter
# the specially crafted ticket number.
# Click Search and you will see your JavaScript code execute.
Thanks and Regards,
Priyanka Samak
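
One way to close the issue described above is to validate the ticket number and HTML-encode every value at output time. This is an added example, not code from the advisory or from the vendor; the function names, the ticket_id and visitor_name fields, and the digits-only ticket format are assumptions, since the page does not show the application's source.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not code from Park Ticketing Management System.

/** Encode an untrusted value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allowlist check; the digits-only, 1-12 character format is an assumption. */
function is_valid_ticket_number(string $value): bool
{
    return preg_match('/\A[0-9]{1,12}\z/', $value) === 1;
}

/** Build the result heading for a search, never emitting raw input. */
function render_search_heading(string $ticket): string
{
    if (!is_valid_ticket_number($ticket)) {
        return '<p class="error">Invalid ticket number.</p>';
    }
    return '<h4>Result for ticket "' . h($ticket) . '"</h4>';
}

/** Render a stored record; every database field is encoded at output time. */
function render_ticket_row(array $row): string
{
    return '<tr><td>' . h((string) $row['ticket_id']) . '</td><td>'
        . h((string) $row['visitor_name']) . '</td></tr>';
}

// Constructed sample inputs: the payload from the advisory and a benign value.
$samples = ['<script>alert(123)</script>', '123456'];
foreach ($samples as $sample) {
    echo render_search_heading($sample), PHP_EOL;
}

// Constructed row standing in for data saved before validation existed.
$legacy = ['ticket_id' => '<script>alert(123)</script>', 'visitor_name' => 'A & B'];
echo render_ticket_row($legacy), PHP_EOL;
```

Encoding at output matters even with input validation in place, because records written before the fix may already contain markup.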