Posted by Andrey Stoykov on Jul 25
# Exploit Title: Availability Booking Calendar PHP – Multiple Issues
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Tested on: Ubuntu 20.04
# Blog: http://msecureltd.blogspot.com
XSS #1:
Steps to Reproduce:
1. Browse to Bookings
2. Select All Bookings
3. Edit booking and select Promo Code
4. Enter payload TEST"><script>alert(`XSS`)</script>
// HTTP POST request
POST…