
Toll Tax Management System - Multiple stored XSS

CVE-2023-36158

Exploit Title: Toll Tax Management System - Multiple stored XSS

Date: 10/6/2023

Exploit Author: Aftab Shaikh - Cryptex

Vendor Homepage: https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html

Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/ttms_1.zip

Version: 1.0

Tested on: XAMPP Debian Server 8.0.28-1 Apache/2.4.57 10.11.3-MariaDB PHP 8.2.5


Technical Details & POC

XSS 1

1. Access the website by navigating to the URL http://localhost/ttms/admin/login.php
2. Log in to the Dashboard using your credentials (Default Credentials).
3. Once logged in, locate and click on the "My Account" option.
4. In the "My Account" section, find the "First Name" field.
5. Insert the XSS payload <script>alert(1)</script> into the "First Name" field.
6. After inserting the payload, click on the "Update" button to save the changes.

XSS 2

1. Access the website by navigating to the URL http://localhost/ttms/admin/login.php
2. Log in to the Dashboard using your credentials (Default Credentials).
3. Once logged in, locate and click on the "My Account" option.
4. In the "My Account" section, find the "Last Name" field.
5. Insert the XSS payload <script>alert(1)</script> into the "Last Name" field.
6. After inserting the payload, click on the "Update" button to save the changes.
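Both findings (XSS 1 and XSS 2) share one root cause: the First Name and Last Name values saved from "My Account" are later written back into HTML without output encoding. The following PHP snippet is an added illustration and is not code from the TTMS project; the function names, the `<span>` markup and the sample "Doe" value are assumptions. It shows the vulnerable rendering pattern next to the hardened one, using the advisory's own payload, and covers the attribute context (the edit form's `value="..."`) as well as plain text.

```php
<?php
// Added illustrative example (not TTMS project code): encode stored profile
// fields at the point of output so a saved <script> payload renders inertly.
declare(strict_types=1);

// Encode an untrusted value for HTML text or a double/single-quoted attribute.
// ENT_QUOTES also encodes ' and ", which keeps attribute contexts safe.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern (hypothetical): stored names interpolated verbatim.
function render_name_vulnerable(string $firstname, string $lastname): string
{
    return "<span class=\"name\">{$firstname} {$lastname}</span>";
}

// Hardened pattern: every untrusted value passes through h() when rendered.
function render_name_safe(string $firstname, string $lastname): string
{
    return '<span class="name">' . h($firstname) . ' ' . h($lastname) . '</span>';
}

// Hardened edit-form field: the stored value lands inside an attribute.
function render_name_input_safe(string $field, string $value): string
{
    return '<input type="text" name="' . h($field) . '" value="' . h($value) . '">';
}

// Constructed sample input: the payload from the advisory plus a placeholder surname.
$payload = '<script>alert(1)</script>';

$vulnerable = render_name_vulnerable($payload, 'Doe');
$safe       = render_name_safe($payload, 'Doe');
$input      = render_name_input_safe('firstname', $payload);

// The raw <script> tag survives only in the vulnerable output.
assert(str_contains($vulnerable, '<script>'));
assert(!str_contains($safe, '<script>'));
assert(str_contains($safe, '&lt;script&gt;alert(1)&lt;/script&gt;'));
// Inside the attribute the payload cannot break out of value="...".
assert(!str_contains($input, '<script>'));
assert(substr_count($input, '"') === 4);

echo $safe, PHP_EOL, $input, PHP_EOL;
```

A quick regression check for the fix is to save the advisory's payload through "My Account" and confirm the admin pages only ever contain its `&lt;script&gt;` form.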
This post is licensed under CC BY 4.0 by the author.