# Exploit Title: Park Ticketing Management System 1.0 Stored Cross-Site Scripting Vulnerability  
# Date: 2020-01-21  
# Exploit Author: Priyanka Samak  
# Vendor Homepage: https://phpgurukul.com/  
  
# Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/  
  
# Software: Park Ticketing Management System  
# Version : 1.0  
# Vulnerability Type: Cross-site Scripting  
# Vulnerability: Stored XSS  
# Tested on Windows 10  
# This application is vulnerable to Stored XSS. This  
# Vulnerable script: http://localhost/ptms/normal-search.php  
# Vulnerable parameter: ‘search ticket’ Input Field  
  
# Payload used: <script>alert(123)</script>  
# POC: At http://localhost/ptms/normal-search.php you can enter the  
# specially crafted ticket number.  
# Click on the search and you will see your JavaScript code execute.  
  
  
Thanks and Regards,  
  
Priyanka Samak
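
The fix for this class of bug is to encode at output, shown here as an added example that is not part of the original advisory and not the PTMS source code. The function names, the array keys and the heading markup are hypothetical; the only value taken from the advisory is the test payload.

```php
<?php
// Added example: NOT the PTMS source. All names and markup are hypothetical.

// Encode a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the submitted search term is written into the page verbatim.
function render_heading_unsafe(string $term): string
{
    return '<h4>Result against "' . $term . '" keyword</h4>';
}

// Hardened pattern: the same heading with the term encoded at output.
function render_heading_safe(string $term): string
{
    return '<h4>Result against "' . h($term) . '" keyword</h4>';
}

// Stored values need the same treatment: every field read back from the
// database is encoded when rendered, regardless of how it was validated on input.
function render_rows_safe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . h($row['ticket_id']) . '</td><td>'
               . h($row['visitor']) . "</td></tr>\n";
    }
    return $html;
}

// Constructed sample input: the advisory's payload as both the search term
// and a stored ticket number.
$term = '<script>alert(123)</script>';
$rows = [['ticket_id' => $term, 'visitor' => 'Sample Visitor']];

echo render_heading_unsafe($term), "\n"; // script tag reaches the browser intact
echo render_heading_safe($term), "\n";   // rendered as inert text
echo render_rows_safe($rows);            // stored value rendered as inert text
```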