Submission #213901: Multiple Stored-XSS Discovered in Online Banquet Booking System v1.0

Title: Multiple Stored-XSS Discovered in Online Banquet Booking System v1.0

Description:

Hello friends,

With a little auditing of this PHP app I have found a few ways to execute some satisfying XSS payloads. The project can be found for download here: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/

Payload used for Stored-XSS:

"><img src=x onerror=location=atob`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21haW4p`>

1) Register yourself as a user or use the bundled test user ([email protected]:Test@123).
   - After logging in, you can edit your account details and set your user's name to the payload mentioned above.
   - The payload will execute any time the name appears on the page and is rendered by the browser. This happens when viewing the details of an event your user is associated with, i.e. this endpoint: /view-booking-detail.php?editid=3&&bookingid=347642822 (the parameter values will be unique to your instance).
   - This is mostly Self-XSS, or you could send the link to others.
   - More importantly, these events show up on the admin console, like here: /admin/view-booking-detail.php?editid=3

2) The second parameter vulnerable to stored-XSS can be found when booking a service as a regular user. You can enter the same payload into the message parameter on the form found on /book-services.php?bookid=3. Again, the payload will execute when the admin checks recently booked service details through the admin console.

3) Finally, the third stored-XSS can be found at the "contact us" form found at /mail.php, in another "message" parameter. This XSS will execute when the admin checks their recent messages on the admin console, found at: /admin/view-user-queries.php?viewid=8

Thanks for reading, keep up the great work!!

- Jann
User: scumdestroy (UID 48934)
Submitted: 2023-09-28 02:34 (3 years ago)
Moderated: 2023-09-29 18:25 (2 days later)
Status: Accepted
VulDB Entry: 240944 [Online Banquet Booking System 1.0 Contact Us Page /mail.php Message cross site scripting]
Points: 17
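All three findings in the submission are the same defect class: a user-controlled column (the account name, the booking message, the contact-form message) is written into HTML without output encoding, and the admin console renders it. The following PHP is an added example written for this page; it is not code from the submission or from the Online Banquet Booking System project, and the function names (renderNameVulnerable, renderNameSafe, renderMessageSafe, e) and the input-field markup are assumed for illustration. It places the vulnerable rendering pattern beside the hardened one and checks, using the exact payload quoted above, that the encoded output no longer carries a live tag. It requires PHP 8 for str_contains.

```php
<?php
// Added example, not part of the submission or of the product's code base.
// Shows the defect class the report describes (stored value echoed into HTML
// unencoded) next to the fix (encode for the HTML context at output time).

declare(strict_types=1);

// Constructed sample: the payload quoted in the report, as it would sit in the
// database after a user saves it as their account name.
$storedName = '"><img src=x onerror=location=atob`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21haW4p`>';

// Vulnerable pattern (hypothetical markup): the stored value is concatenated
// straight into an attribute. The leading "> closes the attribute and the tag,
// so the <img> that follows becomes real markup in the admin's browser.
function renderNameVulnerable(string $name): string
{
    return '<input type="text" name="fullname" value="' . $name . '">';
}

// Hardened helper: encode for HTML. ENT_QUOTES covers both quote styles so the
// value cannot escape an attribute; ENT_SUBSTITUTE avoids returning an empty
// string on invalid UTF-8; the charset must match the page's declared encoding.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderNameSafe(string $name): string
{
    return '<input type="text" name="fullname" value="' . e($name) . '">';
}

// Same rule for free-text fields such as the booking or contact-form "message":
// encode first, then add display-only transforms like nl2br. Doing it in the
// other order, or echoing the raw column, reintroduces the bug.
function renderMessageSafe(string $message): string
{
    return '<p class="user-message">' . nl2br(e($message)) . '</p>';
}

// Reviewer check: does a tag from user input survive into the output as markup?
function containsLiveTag(string $html): bool
{
    return str_contains($html, '<img');
}

$vulnerable = renderNameVulnerable($storedName);
$safe       = renderNameSafe($storedName);

echo 'vulnerable: ' . (containsLiveTag($vulnerable) ? 'tag reaches the browser' : 'ok') . PHP_EOL;
echo 'hardened:   ' . (containsLiveTag($safe) ? 'tag reaches the browser' : 'ok') . PHP_EOL;
echo $safe . PHP_EOL;
echo renderMessageSafe("line one\n" . $storedName) . PHP_EOL;
```

Encoding at the output point is the fix that closes all three reports at once, because the admin pages for bookings, booked services and user queries all render the same stored columns. Input filtering on the registration or contact forms alone does not, since the data can be written by other paths and the browser is the only place where the HTML context is known. A Content-Security-Policy that disallows inline script handlers is a reasonable second layer but does not replace the encoding.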
