Park Ticketing Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
655ca7a0bec5cc7e8837a95b1e6427465ffcae2cb05ecfeb763894e78ae3fb51# Exploit Title: Park Ticketing Management System 1.0 Stored Cross-Site Scripting Vulnerability
# Date: 2020-01-21
# Exploit Author: Priyanka Samak
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/
# Software: Park Ticketing Management System
# Version : 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to Stored XSS vulnerability. This
# Vulnerable script: http://localhost/ptms/normal-search.php
# Vulnerable parameter: ‘search ticket’ Input Field
# Payload used: <script>alert(123)</script>
# POC: http://localhost/ptms/normal-search.php in this
# URL you can add the specially crafted Ticket number.
# Click on the search and you will see your Javascript code executes.
Thanks and Regards,
Priyanka Samak
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed