I found that the PHPSCRIPTSMALL Hotel Booking Script 2.0.4 has a stored XSS vulnerability via First name, Last name and Address. To exploit the vulnerability, the following steps were taken.
VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering a wide range of innovative.
PHP Scripts Mall is a leading business and technology firm with a successful 12-year track record in the completion and implementation of numerous projects in various verticals and domains.
It has 300 plus PHP scripts ready to buy.
DESCRIPTION :- A stored XSS vulnerability was found in the specified vendor's script.
By storing a payload there, an attacker can attack an administrative or guest user without tricking them into visiting a malicious web site or clicking on a malicious link.
Step 1- Go to the vendor product link “https://www.phpscriptsmall.com/product/hotel-booking-script/”.
Step 2- Select SIGN UP/IN => REGISTER, fill in the form, and click on REGISTER.
Step 3- Go to your mail and verify it.
Step 4- Now come back to the site and sign in using your verified mail and password.
Step 5- Select Profile => Edit Profile and paste the following code into the given parameters.
In First Name=> < *Html /Onmouseover=(alert)(/VIKAS/) //
In Last Name => < *img src=data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs= onload=alert(/CHAUDHARY/)>
In Address => < *img src=data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs= onload=alert(/MYAIM/)>
and click on SUBMIT.
[Note => Remove * from the script]
Step 6- You will get popups of /VIKAS/, /CHAUDHARY/ and /MYAIM/ in your account… [/VIKAS/ will keep popping up until you stop it manually]
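The steps above work because the profile values are stored and later written into a page as markup. The PHP below is an added example, not the vendor's code and not part of the original advisory: it shows that unencoded output pattern beside an encoded one, plus a check applied when the form is saved. The function names, field names and sample row are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the vendor's code. Function and field names are hypothetical.

// Encode a stored value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Check the Edit Profile fields when the form is saved; returns rejected field names.
function validateProfile(array $in): array
{
    $errors = [];
    foreach (['first_name', 'last_name'] as $field) {
        $v = trim((string) ($in[$field] ?? ''));
        // Letters, combining marks, space, dot, apostrophe, hyphen; 1 to 64 characters.
        if (preg_match('/\A[\p{L}\p{M} .\'\-]{1,64}\z/u', $v) !== 1) {
            $errors[] = $field;
        }
    }
    $addr = trim((string) ($in['address'] ?? ''));
    if ($addr === '' || strlen($addr) > 255 || preg_match('/[<>]/', $addr) === 1) {
        $errors[] = 'address';
    }
    return $errors;
}

// Constructed row, as if saved before any validation existed. The last name is
// an abbreviated form of the Step 5 payload.
$row = [
    'first_name' => 'Asha',
    'last_name'  => '<img src=x onload=alert(/CHAUDHARY/)>',
    'address'    => '12 Example Road',
];

// Vulnerable pattern: the stored value reaches the page as markup.
$vulnerable = '<td>' . $row['last_name'] . '</td>';

// Hardened pattern: encode at output, whatever is in the database.
$hardened = '<td>' . e($row['last_name']) . '</td>';

echo "vulnerable: $vulnerable\n";
echo "hardened:   $hardened\n";
echo 'rejected on save: ' . implode(', ', validateProfile($row)) . "\n";
```

Encoding at output is the control that closes the bug, because it also covers rows that were stored before the save-time check existed.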