Headline
CVE-2023-34537: GitHub - leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage’s parameter to trick user on browser and/or exfiltrate data.
CVE-2023-34537—XSS-reflected–found-in-HotelDruid-3.0.5
HotelDruid v3.0.5 are vulnerable to multipe XSS vulnerability. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
This is my third repo. Don’t beat me if i didn’t explain well.
Description of product : Hoteldruid is an open source program for hotel management (property management software) developed by DigitalDruid.Net.
Description of vulnerability : We found that this web application allowed any authenticated user to inject arbitrary web script or HTML into affected parameter and again, dont beat me if i didn’t explain well.
Affected Webpage : creaprezzi.php Affected Webpage : crearegole.php Affected Parameter&Component : tipotariff from creaprezzi.php Affected Parameter&Component : inizioperiodo from crearegole.php
Step 1: login and navigate to creaprezzi.php , the highligted part is the affected parameter in GUI
Step 2: Select the drop down list, it could be any and intercept with Burpsuite , then add the this payload after parameter tipotariff + your selectuon ID
payload used : a19yc%22%3e%3cscript%3ealert(“THIS IS XSS FROM BB”)%3c%2fscript%3emjf9oc2183m
Step 3: Forward and Enjoy :-) .
Second Affected Webpage
Step 1 : login and navigate to crearegole.php , Screenshot below shows the affected parameter
Step 2 : you can just intercept with burp and added the xss payload after affected parameter. payload used : a19yc%22%3e%3cscript%3ealert(“THIS IS XSS FROM BB”)%3c%2fscript%3emjf9oc2183m
Step 3 : Forward and Enjoy .
PS: Vendor have acknowledged and will release the bug fixes in next version. no coffee for BB…Zzzz