CultBooking 2.0.4 (cultbooking.php) Multiple XSS/PD Vulnerabilities
Advisory ID: ZSL-2011-4987
Type: Remote
Impact: Cross-Site Scripting, Exposure of System Information
Risk: (3/5)
Release Date: 22.01.2011
Summary
Open source hotel booking system (Internet Booking Engine (IBE)). Via a central API called CultSwitch it is possible to make bookings and set the actual availabilities in the hotel's PMS. This is easy to install and easy to integrate, with full support.
Description
CultBooking Hotel Booking System suffers from an XSS/PD vulnerability when parsing user input to the 'bookingcode', 'email' and 'lang' parameters via POST and GET methods in the cultbooking.php script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
Vendor
Cultuzz Digital Media GmbH - http://www.cultuzz.com
Affected Version
2.0.4
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
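The Description above names three request parameters that cultbooking.php reflects without sanitisation. The following PHP is an added example written for this page, not CultBooking's or the vendor's own code, showing the defensive pattern that closes both issues: validate each parameter on input, encode on output with htmlspecialchars, reject non-string values, and keep PHP warnings (which carry absolute file paths, the "PD" part) out of the response. The function names, the allowed language list and the booking-code format are assumptions; the original script's actual logic is not on this page.

```php
<?php
// Added example, not CultBooking's code: a hardened handler for the
// 'bookingcode', 'email' and 'lang' parameters named in the advisory.
// Function names, the language whitelist and the booking-code pattern
// are assumptions made for illustration.
declare(strict_types=1);

// Path-disclosure mitigation: PHP warnings and notices include absolute
// file paths, so they must never reach the client in production.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed whitelist; unknown values fall back to 'en'.
const ALLOWED_LANGS = ['en', 'de', 'fr', 'it', 'es'];

/**
 * Read a parameter from POST or GET as a string. Array-typed input
 * (?lang[]=x) is rejected up front, since passing an array where a
 * string is expected is a common way to provoke a PHP warning.
 */
function requestParam(string $name, string $default = ''): string
{
    $value = $_POST[$name] ?? $_GET[$name] ?? $default;
    return is_string($value) ? $value : $default;
}

/** Booking codes are assumed to be short alphanumeric tokens. */
function validateBookingCode(string $raw): ?string
{
    return preg_match('/^[A-Za-z0-9-]{1,32}$/', $raw) === 1 ? $raw : null;
}

/** Accept only syntactically valid e-mail addresses. */
function validateEmail(string $raw): ?string
{
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Strict whitelist comparison (===), never a substring or loose match. */
function validateLang(string $raw): string
{
    return in_array($raw, ALLOWED_LANGS, true) ? $raw : 'en';
}

/** Output encoding: applied every time a value is placed into HTML. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Weak pattern (shown only for contrast): raw input written into markup.
// echo '<input name="email" value="' . $_POST['email'] . '">';

// Hardened pattern: validate on input, encode on output.
$bookingCode = validateBookingCode(requestParam('bookingcode'));
$email       = validateEmail(requestParam('email'));
$lang        = validateLang(requestParam('lang', 'en'));

header('Content-Type: text/html; charset=UTF-8');
echo '<form method="post" action="cultbooking.php">';
echo '<input name="bookingcode" value="' . h($bookingCode ?? '') . '">';
echo '<input name="email" value="' . h($email ?? '') . '">';
echo '<input type="hidden" name="lang" value="' . h($lang) . '">';
echo '</form>';
```

The two halves are independent: validation limits what the application will accept, and output encoding guarantees that whatever is echoed cannot break out of its HTML context even if a validator is later loosened. Turning off display_errors does not fix the underlying warning, but it stops the server's file system layout from being sent to the browser while the code is corrected.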
Vendor Status
[16.01.2011] Vulnerability discovered.
[16.01.2011] Initial contact with the vendor.
[20.01.2011] No response from vendor.
[22.01.2011] Public advisory released.
[07.02.2011] Vendor releases version 2.0.5 to address this issue.
PoC
cultbooking_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/16028/
[2] http://www.exploit-db.com/ghdb/3677/
[3] http://secunia.com/advisories/43036/
[4] http://www.securityfocus.com/bid/45965
[5] http://securityreason.com/exploitalert/9871
[6] http://securityreason.com/exploitalert/9876
[7] http://packetstormsecurity.org/files/97804
[8] http://osvdb.org/show/osvdb/70631
[9] http://xforce.iss.net/xforce/xfdb/64854
Changelog
[22.01.2011] - Initial release
[24.01.2011] - Added reference [3] and [4]
[25.01.2011] - Added reference [5], [6] and [7]
[26.01.2011] - Added reference [8]
[27.01.2011] - Added reference [9]
[07.02.2011] - Updated vendor status
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk