Park Ticketing Management System 1.0 Cross Site Scripting

CVE: CVE-XXXX-XXXX
Category: CWE-79
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2020-01-22
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020010168

Below is a copy:

Park Ticketing Management System 1.0 Cross Site Scripting
# Exploit Title: Park Ticketing Management System 1.0 Stored Cross-Site Scripting Vulnerability
# Date: 2020-01-21
# Exploit Author: Priyanka Samak
# Vendor Homepage: https://phpgurukul.com/

# Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/

# Software: Park Ticketing Management System
# Version : 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to Stored XSS vulnerability. This
# Vulnerable script: http://localhost/ptms/normal-search.php
# Vulnerable parameter: search ticket Input Field

# Payload used: <script>alert(123)</script>
# POC: http://localhost/ptms/normal-search.php in this
# URL you can add the specially crafted Ticket number.
# Click on the search and you will see your JavaScript code execute.


Thanks and Regards,

Priyanka Samak
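
The fix for the ticket search field reported above, sketched as an added example that is not part of the advisory or of the vendor's code: validate the ticket number against an allowlist and HTML-encode both the request value and any stored field at output time. The function names, the column names (TicketID, VisitorName) and the digits-only ticket format are assumptions; the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value before it is placed in HTML text or attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed ticket-number format (1 to 12 digits); adjust to the application's real scheme.
function is_valid_ticket_number(string $input): bool
{
    return preg_match('/\A[0-9]{1,12}\z/', $input) === 1;
}

// Builds the search result fragment. $rows stands in for rows fetched with a
// prepared statement. Stored fields are encoded as well, because the advisory
// classifies the issue as stored XSS: data already in the database is untrusted too.
function render_search(string $rawTicket, array $rows): string
{
    $ticket = trim($rawTicket);
    if (!is_valid_ticket_number($ticket)) {
        // Nothing from the request is echoed back when validation fails.
        return '<p class="error">Invalid ticket number.</p>';
    }
    $html = '<h4>Result for ticket "' . e($ticket) . '"</h4><ul>';
    foreach ($rows as $row) {
        $html .= '<li>' . e((string) $row['TicketID']) . ' - '
               . e((string) $row['VisitorName']) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed sample input: the payload string quoted in the advisory.
$payload = '<script>alert(123)</script>';

// Case 1: payload submitted as the ticket number, rejected by validation.
echo render_search($payload, []), PHP_EOL;

// Case 2: payload already stored in a record, rendered as inert text.
echo render_search('745129', [['TicketID' => '745129', 'VisitorName' => $payload]]), PHP_EOL;
```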
