Online Hotel Booking System Pro 1.3 Cross Site Scripting

Online Hotel Booking System Pro version 1.3 suffers from a cross site scripting vulnerability.

MD5 | 0b7a04b2e1ae92b4922bf68fc26adcf8

# Exploit Title: Online Hotel Booking System Pro v1.3 XSS Vulnerability
# Google Dork:N/A
# Date: 2020-04-04
# Exploit Author: @ThelastVvV
# Vendor Homepage:
# Version: 1.3
# Tested on: 5.4.0-4parrot1-amd64



Persistent Cross-site Scripting in Customer registration-form all-tags

PoC 1:

1- Go to the hotel booking page then choose new customor


2- In "any " field of registration form type your payload :
"><img src=x onerror=prompt(document.domain);>

3-then hit CONTINUE

4- Once the admin logs in and go to Customerlookup page ... the admin will be xssed


XSS can lead to adminstators/users's Session Hijacking, and if used in conjunction with a social engineering attack it can also lead to disclosure of sensitive data, CSRF attacks and other critical attacks on administrators directly.


Related Posts