Availability Booking Calendar PHP - Stored XSS and Unrestricted File Upload

Read Time:21 Second

Posted by Andrey Stoykov on Jul 25

# Exploit Title: Availability Booking Calendar PHP – Multiple Issues
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Tested on: Ubuntu 20.04
# Blog: http://msecureltd.blogspot.com

XSS #1:

Steps to Reproduce:

1. Browse to Bookings
2. Select All Bookings
3. Edit booking and select Promo Code
4. Enter payload TEST”><script>alert(`XSS`)</script>

// HTTP POST request

POST…

golang-github-aws-sdk-2-20250103-1.fc41 golang-github-aws-smithy-1.22.1-1.fc41 golang-github-ncw-swift-2-2.0.3-1.fc41 rclone-1.68.2-1.fc41

FEDORA-2025-0620fdebb6 Packages in this update: golang-github-aws-sdk-2-20250103-1.fc41 golang-github-aws-smithy-1.22.1-1.fc41 golang-github-ncw-swift-2-2.0.3-1.fc41 rclone-1.68.2-1.fc41 Update description: Fix for CVE-2024-52522 & CVE-2024-45338 Read More

January 5, 2025

Friday Squid Blogging: Anniversary Post

US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks

Atos Group Denies Space Bears’ Ransomware Attack Claims

ShredOS

Crypto Boss Extradited to Face $40bn Fraud Charges

DDoS Disrupts Japanese Mobile Giant Docomo

Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses

Apple Agrees $95M Settlement Over Siri Privacy Violations

US Confirms Russian GenAI Disinformation Op Targeted Election

Availability Booking Calendar PHP – Stored XSS and Unrestricted File Upload

golang-github-aws-sdk-2-20250103-1.fc41 golang-github-aws-smithy-1.22.1-1.fc41 golang-github-ncw-swift-2-2.0.3-1.fc41 rclone-1.68.2-1.fc41

mupdf-1.24.6-4.fc41

golang-github-aws-sdk-2-20250103-1.fc42 golang-github-rclone-gofakes3-0.0.3-1.fc42 rclone-1.68.2-1.fc42

suricata-7.0.8-1.el8

suricata-7.0.8-1.fc40

suricata-7.0.8-1.el9