| Title | code-projects Simple Online Hotel Reservation System 1.0 Cross site scripting |
|---|
| Description | 1. Access the reservation link and identify vulnerable input fields (Firstname and Lastname).
2. Capture the request in BurpSuite to bypass initial payload rejection.
3. Insert XSS payload (<script>alert(1)</script>) in either field and send the request.
4. Reservation details, visible only to administrators, trigger the payload upon viewing.
5. Blind XSS payload can lead to stealing admin cookies for account takeover. |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing |
|---|
| User | mallutrojan (UID 60819) |
|---|
| Submission | 01/11/2024 19:59 (2 years ago) |
|---|
| Moderation | 01/12/2024 15:15 (19 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 250618 [code-projects Simple Online Hotel Reservation System 1.0 Make a Reservation Page add_reserve.php Firstname/Lastname cross site scripting] |
|---|
| Points | 20 |
|---|