ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ ââ C r a C k E r ââ ââ T H E C R A C K O F E T E R N A L M I G H T ââ ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ âââââ From The Ashes and Dust Rises An Unimaginable crack.... âââââ ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ ââ [ Vulnerability ] ââ ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ : Author : CraCkEr : â Website : PHPJabbers.com â â Vendor : PHPJabbers â â Software : PHPJabbers Property Listing Script 3.1 â â Vuln Type: Reflected XSS â â Impact : Manipulate the content of the site â â â ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ â ââ ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ : : â Release Notes: â â âââââââââââââ â â The attacker can send to victim a link containing a malicious URL in an email or â â instant message can perform a wide variety of actions, such as stealing the victim's â â session token or login credentials â â â ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ ââ ââ ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/CryptozJob ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ ââ Š CraCkEr 2023 ââ ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ Path: /preview.php Method: GET /preview.php?controller=pjListings&action=pjActionProperties&listing_search=1&for=[XSS]&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=[XSS]&max_bedrooms=[XSS]&min_bathrooms=[XSS]&max_bathrooms=[XSS]&min_floor_area=11&max_floor_area=33 URL parameter 'for' is vulnerable to XSS URL parameter 'min_bedrooms' is vulnerable to XSS URL parameter 'max_bedrooms' is vulnerable to XSS URL parameter 'min_bathrooms' is vulnerable to XSS URL parameter 'max_bathrooms' is vulnerable to XSS [-] Done