إرسال #183098: Travelable 1.0 - Stored XSSالمعلومات

عنوان	Travelable 1.0 - Stored XSS
الوصف	# Exploit Title: Travelable 1.0 - Stored XSS # Exploit Author: skalvin aka (CraCkEr) # Date: 15/07/2023 # Vendor: travelmate.com # Vendor Homepage: https://www.codester.com/items/43963/travelable-trek-management-solution # Software Link: https://travel.codeswithbipin.com/ # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. Path: /[random-number]/comment POST parameter 'comment' is vulnerable to XSS ----------------------------------------------------------- POST /[random-number]/comment HTTP/2 _token=10Mh1zuuVXB1iH3QsrEOqpWGOXogEv38WPwqGtv6&name=cracker+infosec&email=cracker%40infosec.com&phone=%2B96171951951&comment=[XSS Payload] ----------------------------------------------------------- ## Steps to Reproduce: 1. Surf as a (Guest User) 2. Go to [Tour Packages] on this Path: https://website/packages 3. Choose any package and click [Explore] Path: https://website/package/6 4. Scroll Down to the [Comments] section 5. Inject your XSS Payload in [Comment Box] 6. Click on [Submit] 7. Every visitor to the page where you inject your [XSS Payload] - Path: https://website/package/6 8. XSS will fire and execute on his browser. [-] Done
المستخدم	skalvin (UID 49463)
ارسال	15/07/2023 07:56 PM (3 سنوات منذ)
الاعتدال	23/07/2023 03:21 PM (8 days later)
الحالة	تمت الموافقة
إدخال VulDB	235214 [Travelmate Travelable Trek Management Solution 1.0 Comment Box تعليق البرمجة عبر المواقع]
النقاط	17

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!