ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                     C r a C k E r                                    ââ
ââ                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ

 âââââ              From The Ashes and Dust Rises An Unimaginable crack....          âââââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                  [ Vulnerability ]                                   ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
:  Author   : CraCkEr                                                                    :
â  Website  : PHPJabbers.com                                                             â
â  Vendor   : PHPJabbers                                                                 â
â  Software : PHPJabbers Property Listing Script 3.1                                     â
â  Vuln Type: Reflected XSS                                                              â
â  Impact   : Manipulate the content of the site                                         â
â                                                                                        â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â                                                                                       ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
:                                                                                        :
â  Release Notes:                                                                        â
â  âââââââââââââ                                                                         â
â  The attacker can send to victim a link containing a malicious URL in an email or      â
â  instant message can perform a wide variety of actions, such as stealing the victim's  â
â  session token or login credentials                                                    â
â                                                                                        â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                                                                      ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
       
	CryptoJob (Twitter) twitter.com/CryptozJob
	   
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                    ÂŠ CraCkEr 2023                                    ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ

Path: /preview.php
Method: GET

/preview.php?controller=pjListings&action=pjActionProperties&listing_search=1&for=[XSS]&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=[XSS]&max_bedrooms=[XSS]&min_bathrooms=[XSS]&max_bathrooms=[XSS]&min_floor_area=11&max_floor_area=33


URL parameter 'for' is vulnerable to XSS

URL parameter 'min_bedrooms' is vulnerable to XSS

URL parameter 'max_bedrooms' is vulnerable to XSS

URL parameter 'min_bathrooms' is vulnerable to XSS

URL parameter 'max_bathrooms' is vulnerable to XSS


[-] Done