{"id":45830,"date":"2023-07-28T18:15:03","date_gmt":"2023-07-28T14:15:03","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/173801\/joomlasolidres2133-xss.txt"},"modified":"2023-07-28T23:34:18","modified_gmt":"2023-07-28T19:04:18","slug":"joomla-solidres-2-13-3-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/joomla-solidres-2-13-3-cross-site-scripting\/","title":{"rendered":"Joomla Solidres 2.13.3 Cross Site Scripting"},"content":{"rendered":"

# Exploit Title: Joomla Solidres 2.13.3 – Reflected XSS
\n# Exploit Author: CraCkEr
\n# Date: 28\/07\/2023
\n# Vendor: Solidres Team
\n# Vendor Homepage: http:\/\/solidres.com\/
\n# Software Link: https:\/\/extensions.joomla.org\/extension\/vertical-markets\/booking-a-reservations\/solidres\/
\n# Demo: http:\/\/demo.solidres.com\/joomla
\n# Tested on: Windows 10 Pro
\n# Impact: Manipulate the content of the site<\/p>\n

## Greetings<\/p>\n

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
\nCryptoJob (Twitter) twitter.com\/0x0CryptoJob<\/p>\n

## Description<\/p>\n

The attacker can send to victim a link containing a malicious URL in an email or instant message
\ncan perform a wide variety of actions, such as stealing the victim’s session token or login credentials<\/p>\n

GET parameter ‘show’ is vulnerable to XSS
\nGET parameter ‘reviews’ is vulnerable to XSS
\nGET parameter ‘type_id’ is vulnerable to XSS
\nGET parameter ‘distance’ is vulnerable to XSS
\nGET parameter ‘facilities’ is vulnerable to XSS
\nGET parameter ‘categories’ is vulnerable to XSS
\nGET parameter ‘prices’ is vulnerable to XSS
\nGET parameter ‘location’ is vulnerable to XSS
\nGET parameter ‘Itemid’ is vulnerable to XSS<\/p>\n

https:\/\/website\/joomla\/greenery_hub\/index.php\/en\/hotels\/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=0&show=[XSS]\n

https:\/\/website\/joomla\/greenery_hub\/index.php?option=com_solidres&task=hub.updateFilter&location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&reviews=[XSS]&facilities=18&<\/p>\n

https:\/\/website\/joomla\/greenery_hub\/index.php\/en\/hotels\/reservations?location=d2tff&task=hub.search&ordering=score&direction=desc&type_id=[XSS]\n

https:\/\/website\/joomla\/greenery_hub\/index.php\/en\/hotels\/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=[XSS]&facilities=14<\/p>\n

https:\/\/website\/joomla\/greenery_hub\/index.php\/en\/hotels\/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=[XSS]\n

https:\/\/website\/joomla\/greenery_hub\/index.php\/en\/hotels\/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=306&a0b5056f4a0135d4f5296839591a088a=1distance=0-25&distance=0-25&categories=[XSS]\n

https:\/\/website\/joomla\/greenery_hub\/index.php?option=com_solidres&task=hub.updateFilter&location=d2tff&ordering=distance&direction=asc&prices=[XSS]\n

https:\/\/website\/joomla\/greenery_hub\/index.php\/en\/hotels\/reservations?location=[XSS]&task=hub.search&ordering=score&direction=desc&type_id=11<\/p>\n

https:\/\/website\/joomla\/greenery_hub\/index.php\/en\/hotels\/reservations?location=italy&checkin=27-07-2023&checkout=28-07-2023&option=com_solidres&task=hub.search&Itemid=[XSS]&a0b5056f4a0135d4f5296839591a088a=1distance=0-11&distance=0-11&facilities=14<\/p>\n[-] Done<\/p>\n","protected":false},"excerpt":{"rendered":"

# Exploit Title: Joomla Solidres 2.13.3 – Reflected XSS # Exploit Author: CraCkEr # Date: 28\/07\/2023 # Vendor: Solidres Team # Vendor Homepage: http:\/\/solidres.com\/ # Software Link: https:\/\/extensions.joomla.org\/extension\/vertical-markets\/booking-a-reservations\/solidres\/ # Demo: http:\/\/demo.solidres.com\/joomla # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Greetings The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45830","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45830"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45830\/revisions"}],"predecessor-version":[{"id":45855,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45830\/revisions\/45855"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}