Submit #183098: Travelable 1.0 - Stored XSSinfo

Titel	Travelable 1.0 - Stored XSS
Beschreibung	# Exploit Title: Travelable 1.0 - Stored XSS # Exploit Author: skalvin aka (CraCkEr) # Date: 15/07/2023 # Vendor: travelmate.com # Vendor Homepage: https://www.codester.com/items/43963/travelable-trek-management-solution # Software Link: https://travel.codeswithbipin.com/ # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. Path: /[random-number]/comment POST parameter 'comment' is vulnerable to XSS ----------------------------------------------------------- POST /[random-number]/comment HTTP/2 _token=10Mh1zuuVXB1iH3QsrEOqpWGOXogEv38WPwqGtv6&name=cracker+infosec&email=cracker%40infosec.com&phone=%2B96171951951&comment=[XSS Payload] ----------------------------------------------------------- ## Steps to Reproduce: 1. Surf as a (Guest User) 2. Go to [Tour Packages] on this Path: https://website/packages 3. Choose any package and click [Explore] Path: https://website/package/6 4. Scroll Down to the [Comments] section 5. Inject your XSS Payload in [Comment Box] 6. Click on [Submit] 7. Every visitor to the page where you inject your [XSS Payload] - Path: https://website/package/6 8. XSS will fire and execute on his browser. [-] Done
Benutzer	skalvin (UID 49463)
Einreichung	15.07.2023 19:56 (vor 3 Jahren)
Moderieren	23.07.2023 15:21 (8 days later)
Status	Akzeptiert
VulDB Eintrag	235214 [Travelmate Travelable Trek Management Solution 1.0 Comment Box Kommentar Cross Site Scripting]
Punkte	17

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!