CVE-2008-6215

Venalsur Booking Centre Booking System for Hotels Group - Stored Cross-Site Scripting via OfertaID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6215. PoCs published by d3b4g.

AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in Booking System for Hotels Group by Venalsur Bookingcenter. The SQLi allows retrieval of user credentials via a UNION-based attack, while the XSS is a simple reflected payload.

Description

Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by d3b4g · textwebappsphp

https://www.exploit-db.com/exploits/6876

View Code ZIP pw:eip

This exploit demonstrates SQL injection and XSS vulnerabilities in Booking System for Hotels Group by Venalsur Bookingcenter. The SQLi allows retrieval of user credentials via a UNION-based attack, while the XSS is a simple reflected payload.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Booking System for Hotels Group powered by Venalsur Bookingcenter

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK