Authored by CraCkEr

NetArt Media PHP Hotel Site version 2.0 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : https://www.netartmedia.net/php-hotel-booking                              │
│  Vendor   : NetArt Media                                                               │
│  Software : PHP Hotel Site 2.0                                                         │
│  Vuln Type: Stored XSS                                                                 │
│  Impact   : Manipulate the content of the site                                         │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│  Allow Attacker to inject malicious code into website, give ability to steal sensitive │
│  information, manipulate data, and launch additional attacks.                          │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

   Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  

  CryptoJob (Twitter) twitter.com/0x0CryptoJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


## Stored XSS

-----------------------------------------------
POST /booking/index.php HTTP/2

page=book&id=0&room_code=F753N132&room_name=Standard+double+room&price=&start_time=1687237200&end_time=1687410000&nights=&ProceedBooking=1&name=[XSS Payload]&email=abc%40abc.com&phone=[XSS Payload]&code=28649&remarks=[XSS Payload]
-----------------------------------------------

POST parameter 'name' is vulnerable to XSS
POST parameter 'phone' is vulnerable to XSS
POST parameter 'remarks' is vulnerable to XSS


## Steps to Reproduce:

1. At the index page Search for your Booking (as Guest)
2. Select any Room by Press [Book Now]
3. Inject your [XSS Payload] in "Name"
4. Inject your [XSS Payload] in "Phone"
5. Inject your [XSS Payload] in "Remarks "
6. Press [Book Now] to Submit You will receive to (Thank you. You'll receive an email when your booking is confirmed.)

6. When the Admin Login to the Administration Panel on this Path (https://website/booking/admin/index.php)
7. XSS will Fire & Executed on his Browser Instantly After the Login

[-] Done

RELATED ARTICLESMORE FROM AUTHOR