
Published on April 29th, 2017 | 5870 Views


Stored XSS (Stored Cross-Site Scripting) Vulnerability on secure.booking.com




Hi Booking.com,

This is Shaifullah Shaon (Black_EyE), an ethical hacker,
a white hat cyber security researcher from Bangladesh, reporting a serious
[3rd ranking in OWASP] security vulnerability on your system.

I faced a technical security bug called "Stored XSS (Stored Cross Site Scripting) Vulnerability on secure.booking.com".

Login Info:
user: luvej@1rentcar.top
Pass: Hell1258

Follow along with me...
Payload=

I just posted this at aboutme in settings.
Here the popup appears automatically: https://secure.booking.com/company/settings.html?aid=304142;label=gen173rf-1FCA8oggJCEXByb2ZpbGUvbXlhY2NvdW50SDFYA2gUiAEBmAExuAEGyAEP2AEB6AEB-AEGkgIBeaICDXRlbXAtbWFpbC5vcmeoAgM;sid=a65174bb452a12d4a400f21bf3682fb7





An attacker can deface your community using a script. An attacker can also steal your users' cookies using a cookie-stealing method.

Please see my video PoC to understand clearly. Hopefully those are very critical issues.
Resolve those issues as soon as possible.

Here is the proof-of-concept video: https://youtu.be/yQ-RrboKG3E

Thank you
Shaifullah Shaon (Black_EyE)
shaon.durjoy@gmail.com


2017-04-29 09:49:43
