Headline
CVE-2022-36668: POC-DUMP/README.md at main · saitamang/POC-DUMP
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector.
Permalink
Cannot retrieve contributors at this time
CVE-2022-36667
# Exploit Title: Garage Management System Remote Code Execution via File Upload
# Date: 24/07/2022
# Exploit Author: saitamang
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/garage.zip
# Version: 1.0
# Tested on: Centos 7 + MySQL
Writeup for PacketStorm
The automation script can be downloaded here
CVE-2022-36668
# Exploit Title: Garage Management System 1.0 is vulnerable to Stored Cross Site (XSS)
# Date: 24/07/2022
# Exploit Author: saitamang
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/garage.zip
# Version: 1.0
# Tested on: Centos 7 + MySQL
Create: From “Parts” > “Add Parts” > Filled all the form and Intercept using burpsuite > edit 3 parameters “productName” ,"quantity","rate" with payload below. Edit: After creating parts using normal input or access from “Parts” > “Manage Parts” > edit the parts an intercept the request using burpsuite > edit 3 parameters “editProductName","editQuantity","editRate” with payload below.
Payload --> "><svg/onload=alert(document.cookie)>