A stored cross-site scripting vulnerability exists in Online Car Rental System 1.0, which allows an attacker to inject malicious JavaScript code into the application by sending a specially crafted request. The injected code is later executed in the context of the application, which can allow the attacker to steal session cookies, hijack user accounts, and perform other malicious activities.
Changing the path when downloading the stored backup allows an attacker to both read and delete internal system files (LFI). The 'Delete' tab also allows an attacker to delete files on the server.
The GET parameter 'sidx' does not sanitize user input when searching for existing contact forms, allowing for SQL injection. The 'Edit name' and 'Contact information' features are vulnerable to stored XSS, allowing for malicious JavaScript to be executed.
The GET parameters 'search' and 'sidx' do not sanitize user input when searching for badges. An attacker can use ZAP/Burp to capture the web request when searching for data and save it to request.txt. Then, they can use sqlmap to exploit the vulnerability.
The GET parameter 'sidx' does not sanitize user input when searching for existing subscribers, allowing for a time-based blind SQL injection attack. Use ZAP/Burp to capture the web request when searching for existing subscribers and save it to request.txt. Then use sqlmap -r request.txt --dbms=mysql -p sidx to exploit the vulnerability.
Renaming a file to <img src=x onerror=alert(1)>.jpg, going to New mail, selecting a recipient, selecting the file as an attachment, sending the mail, and opening the email on the recipient's side can lead to execution of the code when the victim clicks the forward button, resulting in an XSS pop-up.
Go to the contact section and the distribution list menu. Create a new distribution list. The contact name field is vulnerable to XSS. Use the payload <img src=x onerror=alert(1)>. The code executes immediately, and after saving it, the XSS pop-up is seen each time the distribution list section is visited.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
The GET parameter 'sidx' does not sanitize user input when searching for existing pricing tables. The 'Edit name' and 'Edit HTML' features are vulnerable to stored XSS.
The GET parameter 'sidx' does not sanitize user input when searching for existing maps. An attacker can use ZAP/Burp to capture the web request when searching for existing maps and save it to request.txt. Then, they can use sqlmap to exploit the vulnerability.