CVE-2024-51076
📋 TL;DR
A reflected cross-site scripting (XSS) vulnerability in PHPGurukul Online DJ Booking Management System 1.0 allows attackers to inject malicious scripts via the 'searchdata' parameter in the booking search admin page. This enables execution of arbitrary JavaScript in victims' browsers when they visit a crafted URL. Administrators using the vulnerable admin interface are primarily affected.
💻 Affected Systems
- PHPGurukul Online DJ Booking Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal admin session cookies, hijack admin accounts, deface the website, or redirect users to malicious sites, potentially leading to complete system compromise if admin privileges are abused.
Likely Case
Session hijacking of admin accounts leading to unauthorized access to the booking management system, data theft, or website defacement.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only causing minor UI disruption.
🎯 Exploit Status
Exploitation requires tricking an admin into clicking a malicious link. The GitHub reference contains proof-of-concept details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available. Implement input validation and output encoding in /odms/admin/booking-search.php for the 'searchdata' parameter.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Sanitize the searchdata parameter by validating input and encoding output to prevent script execution.
Edit /odms/admin/booking-search.php to add: htmlspecialchars($_GET['searchdata'], ENT_QUOTES, 'UTF-8') around the parameter usage
Web Application Firewall (WAF) Rules
Deploy WAF rules to block XSS payloads in the searchdata parameter.
Configure WAF to filter: <script>, javascript:, onload=, etc. in GET parameters
🧯 If You Can't Patch
- Restrict access to /odms/admin/ to trusted IP addresses only using .htaccess or firewall rules.
- Implement Content Security Policy (CSP) headers to mitigate XSS impact by restricting script execution sources.
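As an added example (not PHPGurukul's code and not part of the advisory), the following PHP shows the reflected-parameter pattern the advisory describes next to the hardening it recommends: output encoding with htmlspecialchars(), an allow-list check on the search term, and the CSP header from the "If You Can't Patch" list. The function names, the surrounding HTML, and the allow-list characters are assumptions for illustration; the test payload is the one the advisory uses in its verification step. The point of the contrast is that encoding at output removes the bug, whereas WAF string filters for known payloads only reduce exposure.

```php
<?php
// Added example, not the project's own code: reflected output before and after hardening.
// Function names, markup and the allow-list below are assumptions for illustration.

declare(strict_types=1);

// Vulnerable pattern: the search term is echoed straight into the page markup,
// so a term containing tags or attributes is parsed as HTML by the admin's browser.
function renderSearchBannerVulnerable(string $searchdata): string
{
    return '<h4>Search results for: ' . $searchdata . '</h4>';
}

// Hardened pattern: encode on output so the term is displayed as text, never parsed as markup.
// ENT_QUOTES also encodes ' and ", so the value stays safe inside attribute values too.
function renderSearchBannerSafe(string $searchdata): string
{
    $safe = htmlspecialchars($searchdata, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h4>Search results for: ' . $safe . '</h4>';
}

// Optional input-side validation: a booking search term has no legitimate need for markup.
// An allow-list of characters is more robust than block-listing known payload strings.
function isValidSearchTerm(string $searchdata): bool
{
    return strlen($searchdata) <= 100
        && preg_match('/\A[\p{L}\p{N} .,@\'-]*\z/u', $searchdata) === 1;
}

// Defense in depth for the admin area: a same-origin CSP blocks inline script even if an
// encoding slip remains elsewhere. Call before any output is sent.
function sendAdminSecurityHeaders(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
    header('X-Content-Type-Options: nosniff');
}

// Demonstration from the CLI with the advisory's own verification payload.
if (PHP_SAPI === 'cli') {
    $payload = "<script>alert('XSS')</script>";
    echo 'Vulnerable: ' . renderSearchBannerVulnerable($payload) . PHP_EOL;
    echo 'Hardened:   ' . renderSearchBannerSafe($payload) . PHP_EOL;
    echo 'Accepted by allow-list? ' . (isValidSearchTerm($payload) ? 'yes' : 'no') . PHP_EOL;
}
```

Run it with `php` on the command line: the hardened banner contains `&lt;script&gt;` rather than a live tag, and the allow-list rejects the payload outright. In the real booking-search.php the same htmlspecialchars() call wraps every place $_GET['searchdata'] is echoed, and the CSP header is sent from a common include for the admin pages.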
🔍 How to Verify
Check if Vulnerable:
Test by accessing /odms/admin/booking-search.php?searchdata=<script>alert('XSS')</script> and checking whether the script executes in the browser.
Check Version:
Check system documentation or admin panel for version info; no standard command available.
Verify Fix Applied:
After applying fixes, test with the same payload; the script should not execute and should be displayed as plain text.
📡 Detection & Monitoring
Log Indicators:
- HTTP GET requests to /odms/admin/booking-search.php with script tags or JavaScript in the searchdata parameter
Network Indicators:
- Unusual outbound connections from admin sessions after visiting booking-search.php
SIEM Query:
source="web_logs" AND uri_path="/odms/admin/booking-search.php" AND query_string="*searchdata=*<script>*"
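As an added example (not part of the advisory), the following PHP implements the log indicator above as a small check over web-server access log lines. It covers a case the SIEM query's literal "*<script>*" match misses: browsers and tools normally send the payload URL-encoded (%3Cscript%3E), so the searchdata value is decoded before inspection, and event-handler and javascript: forms are flagged as well as tags. The log lines are constructed for the example (Apache combined format, documentation IP ranges); the function names and the heuristic are assumptions.

```php
<?php
// Added example, not part of the advisory: flag booking-search.php requests whose
// searchdata value contains markup-like content, after URL-decoding the parameter.

declare(strict_types=1);

// Constructed sample access log (not real traffic), Apache combined format.
function sampleLog(): string
{
    return <<<'LOG'
203.0.113.5 - - [10/Jan/2025:10:01:02 +0000] "GET /odms/admin/booking-search.php?searchdata=wedding HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:02:15 +0000] "GET /odms/admin/booking-search.php?searchdata=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 4188 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2025:10:02:40 +0000] "GET /odms/admin/booking-search.php?searchdata=%22%20onmouseover%3Dalert%281%29%20x%3D%22 HTTP/1.1" 200 4190 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:03:01 +0000] "GET /odms/admin/dashboard.php HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
LOG;
}

// Heuristic: a legitimate booking search term never contains tags, event handlers or JS URLs.
function looksLikeMarkupInjection(string $value): bool
{
    $v = strtolower($value);
    return str_contains($v, '<')
        || str_contains($v, 'javascript:')
        || preg_match('/\bon[a-z]+\s*=/', $v) === 1;
}

/**
 * Return one entry per suspicious request: client IP, timestamp and the decoded searchdata.
 */
function findSuspiciousSearches(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // Fields: ip ident user [time] "METHOD target HTTP/x.y" status size "referer" "ua"
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        [, $ip, $time, $target] = $m;
        $path  = parse_url($target, PHP_URL_PATH);
        $query = parse_url($target, PHP_URL_QUERY);
        if ($path !== '/odms/admin/booking-search.php' || $query === null) {
            continue;
        }
        parse_str($query, $params);          // parse_str also URL-decodes each value
        $value = (string) ($params['searchdata'] ?? '');
        if ($value !== '' && looksLikeMarkupInjection($value)) {
            $hits[] = ['ip' => $ip, 'time' => $time, 'searchdata' => $value];
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    foreach (findSuspiciousSearches(sampleLog()) as $hit) {
        printf("ALERT %s %s searchdata=%s\n", $hit['time'], $hit['ip'], $hit['searchdata']);
    }
}
```

On the sample data the two requests from 203.0.113.9 are reported and the plain "wedding" search and the dashboard request are not. Pair a hit with the network indicator above (an unexpected outbound connection from an admin session after visiting booking-search.php) to tell a scan from a successful session-theft attempt.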