关键漏洞信息 漏洞类型 Chained IDOR and Stored XSS Vulnerability 影响版本 Vulnerable: ≤ v1.0.1 Fixed: v1.0.2 描述 Summer Pearl Group's Vacation Rental Management Platform versions prior to 1.0.2 suffer from an Insecure Direct Object Reference (IDOR) vulnerability in the listing management functionality. Authenticated attackers can manipulate request parameters to create/modify listings under arbitrary user accounts. Combined with insufficient input sanitization, this allows Stored Cross-Site Scripting (XSS) attacks via crafted listing names. Successful exploitation leads to unauthorized data manipulation and client-side code execution when victims view affected listings in the calendar interface. 复现步骤 1. Authenticate as attacker 2. Intercept listing request - Capture with Burp Suite or DevTools: 3. Exploit IDOR - Set to victim's ID (e.g., 58) 4. Inject XSS - Malicious payload: 5. Trigger exploit - The vulnerability is triggered when a victim accesses the calendar view, causing the injected XSS payload to execute automatically in their browser. 其他信息 Disclaimer: This project is intended for educational and ethical research purposes only. Discovery: The vulnerability was discovered by Alex Perrakis (Stolichnayer).