Online Movie Ticket Booking System v1.0 - Stored Cross-Site Scripting (XSS)
Summary
| Name | Online Movie Ticket Booking System v1.0 - Stored Cross-Site Scripting (XSS) |
| Code name | |
| Product | Online Movie Ticket Booking System |
| Affected versions | Version 1.0 |
| State | Public |
| Release date | 2023-09-28 |
Vulnerabilities
| Kind | Stored Cross-Site Scripting (XSS) |
| Rule | |
| Remote | Yes |
| CVSSv3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
| CVSSv3.1 Base Score | 6.4 |
| Exploit available | Yes |
| CVE ID(s) |
Description
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
Vulnerability
The 'amount' parameter of the process_booking.php resource is copied into the bank.php document as plain text between tags. Any input is echoed unmodified in the bank.php response. The vulnerable code is:
process_booking.php:
session_start();
extract($_POST);
include('config.php');
$_SESSION['screen']=$screen;
$_SESSION['seats']=$seats;
$_SESSION['amount']=$amount;
$_SESSION['date']=$date;
header('location:bank.php');
bank.php:
<dl class="mercDetails"> <dt>Merchant</dt> <dd>Shop Street</dd> <dt>Transaction Amount</dt> <dd>INR <?php echo $_SESSION['amount'];?></dd> <dt>Debit Card</dt> <dd><?php echo $number;?></%></dd> </dl>
Our security policy
We have reserved the ID CVE-2023-44174 to refer to this issues from now on.
System Information
- Version: Online Movie Ticket Booking System v1.0
- Operating System: Any
Mitigation
There is currently no patch available for this vulnerability.
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team.
References
Vendor page https://projectworlds.in/
Timeline
2023-09-26
Vulnerability discovered.
2023-09-26
Vendor contacted.
2023-09-28
Public Disclosure.
