HotelDruid v3.0.5 are vulnerable to multipe XSS vulnerabilities. These vulnerabilities could allows remote authenticated attackers to inject arbitrary web script or HTML.
This is my third repo. Don't beat me if i didn't explain well.
Description of product : Hoteldruid is an open source program for hotel management (property management software) developed by DigitalDruid.Net.
Description of vulnerability : We found that this web application allows any authenticated user to inject arbitrary web script or HTML into affected parameter and again, dont beat me if i didn’t explain well.
Affected Webpage : creaprezzi.php Affected Webpage : crearegole.php Affected Parameter&Component : tipotariff from creaprezzi.php Affected Parameter&Component : inizioperiodo from crearegole.php
Step 1: login and navigate to creaprezzi.php , the highligted part is the affected parameter in GUI
Step 2: Select the drop down list, it could be any and intercept with Burpsuite , then add the this payload after parameter tipotariff + your selectuon ID
payload used : a19yc%22%3e%3cscript%3ealert("THIS IS XSS FROM BB")%3c%2fscript%3emjf9oc2183m
Step 3: Forward and Enjoy :-) .
Second Affected Webpage
Step 1 : login and navigate to crearegole.php , Screenshot below shows the affected parameter
Step 2 : you can just intercept with burp and added the xss payload after affected parameter.
payload used : a19yc%22%3e%3cscript%3ealert("THIS IS XSS FROM BB")%3c%2fscript%3emjf9oc2183m
Step 3 : Forward and Enjoy .
PS: Vendor have acknowledged and will release the bug fixes in next version. no coffee for BB.....Zzzz