CVE-2021-46005 PoC — Sourcecodester Car Rental Management System Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
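Title: Sourcecodester Car Rental Management System Cross-Site Scripting Vulnerability (CVE-2021-46005)
Description: Sourcecodester Car Rental Management System is a car rental management system from Sourcecodester, a US company. Sourcecodester Car Rental Management System 1.0 contains a security vulnerability: an attacker can carry out a cross-site scripting (XSS) attack through the vehicalorcview parameter.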
Description
CVE-2021-46005
Readme
# CVE-2021-46005
## **All Details about CVE-2021-46005**

Software: Online Car Rental System 1.0

Software Link: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html

Vulnerability Type: Stored Cross Site Scripting

Affected Component: vehicalorcview in post-avehical page

Impact Denial of Service: True

Impact Code execution: True

Attack Type: Remote

Vendor of Product: Sourcecodester

## Description:
Cross-site scripting vulnerabilities occur when a parameter under the user's control is either reflected to the user, stored and returned at a later time, or executed as a result of modifying the DOM environment. The vulnerability exists in Sourcecodester Online Car Rental System 1.0, in the `vehicalorcview` parameter submitted when adding a new vehicle on the Post Vehical page. When the simple payload `<script>alert("CAR")</script>` is submitted in the `vehicalorcview` parameter, the application stores it in the database without input validation, and the payload executes whenever a client visits the page.

The affected URL where the vulnerable parameter can be found: http://HOST/car-rental/admin/post-avehical.php

Impact: This vulnerability allows an attacker to hijack sessions, steal credentials, and gain access to client computers by installing malware on the client's computer.
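
The fix for the stored-then-rendered flow described above is to encode the value when it is written into the page. The following is an added example, not code from the Car Rental application or from the README's author; the row layout and all function names are hypothetical, and it needs PHP's DOM extension to run from the command line.

```php
<?php
declare(strict_types=1);

// Constructed sample row: what the database would return after the payload
// quoted in the README was saved. The key reuses the parameter name; the
// application's real column name is not given on the page.
$storedRow = ['id' => 7, 'vehicalorcview' => '<script>alert("CAR")</script>'];

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so the browser parses it as markup.
function renderVulnerable(array $row): string
{
    return '<td>' . $row['vehicalorcview'] . '</td>';
}

// Output encoding for HTML body and quoted-attribute contexts.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: the same cell, encoded at the point of output.
function renderHardened(array $row): string
{
    return '<td>' . e((string) $row['vehicalorcview']) . '</td>';
}

// Parse the rendered cell and count the <script> elements an HTML parser builds.
function countScriptElements(string $html): int
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence fragment warnings
    $doc->loadHTML('<table><tr>' . $html . '</tr></table>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('script')->length;
}

$cells = [
    'vulnerable' => renderVulnerable($storedRow),
    'hardened'   => renderHardened($storedRow),
];
foreach ($cells as $label => $html) {
    printf("%-10s %s  (script elements: %d)\n", $label, $html, countScriptElements($html));
}
```

Encoding at output protects every page that displays the value, including rows that were stored before the fix was deployed.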

## More Info:
https://www.exploit-db.com/exploits/49546
File Snapshot

[4.0K] /data/pocs/43af5e2ffb30a6d03ba13788187dfec3f4a9ddcd
└── [1.3K] README.md

0 directories, 1 file