bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/44662.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

18 lines
No EOL
791 B
Text
Raw Blame History

# Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting
# Date: 2018-05-20
# Exploit Author: Borna nematzadeh (L0RD)
# Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?s_rank=1
# Version: 2.0
# Tested on: Windows
# Description :
Private Message PHP Script 2.0 suffers from persistent cross site scripting.
You can put your malicious javascript payload .
When target opens your massege , payload will be executed before self destruction .
# POC :
1) Put this payload into textarea and click submit :
</textarea><script>alert(document.cookie)</script>
2) You will get a link which your javascript code is inside this link . You can send this link to anyone .
3) After clicking on "show me the message" , payload will be executed .
Reference in a new issue View git blame Copy permalink