# Exploit Title: Park Ticketing Management System 1.0 Stored Cross-Site Scripting Vulnerability
# Date: 2020-01-21
# Exploit Author: Priyanka Samak
# Vendor Homepage: https://phpgurukul.com/

# Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/

# Software: Park Ticketing Management System
# Version : 1.0
# Vulnerability Type: Cross-site Scripting
# Vulnerability: Stored XSS
# Tested on Windows 10
# This application is vulnerable to Stored XSS vulnerability. This
# Vulnerable script: http://localhost/ptms/normal-search.php
# Vulnerable parameter: ‘search ticket’ Input Field

# Payload used: <script>alert(123)</script>
# POC: http://localhost/ptms/normal-search.php in this
# URL you can add the specially crafted Ticket number.
# Click on the search and you will see your Javascript code executes.


Thanks and Regards,

Priyanka Samak