Shuttle Booking Software 2.0 Cross Site Scripting
2023-11-21 00:9:19 Author: packetstormsecurity.com(查看原文) 阅读量:2 收藏

# Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site
Scripting (Authenticated)
# Date: 09/11/2023
# Exploit Author: BugsBD Security Researcher (Rahad Chowdhury)
# Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/
# Software Link: https://www.phpjabbers.com/shuttle-booking-software/
# Version: v2.0
# Tested on: Windows 10, Kali Linux
# CVE: CVE-2023-48172

Descriptions:
Cross Site Scripting vulnerability in Shuttle Booking Software v.2.0 allows
a remote attacker to execute arbitrary code via the name, description,
title and address parameters in the index.php page.

Steps to Reproduce:
1. At first login your panel.
2. Then use any XSS Payload in "name, description, title and address"
parameters in Location, Lines and Users menus.
3. You will see XSS pop up.

## Reproduce:
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172)


文章来源: https://packetstormsecurity.com/files/175800/sbs20-xss.txt
如有侵权请联系:admin#unsafe.sh