8d28b02dc1
9 changes to exploits/shellcodes JBoss 4.2.x/4.3.x - Information Disclosure Naukri Clone Script 3.0.3 - 'indus' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Multi Language Olx Clone Script - Cross-Site Scripting
19 lines
No EOL
765 B
Text
19 lines
No EOL
765 B
Text
#################################################################################################################
|
|
# Exploit Title: Lawyer Search Script - 1.0.2 - Stored XSS
|
|
# Date: 07.02.2018
|
|
# Vendor Homepage: https://www.phpscriptsmall.com/
|
|
# Software Link: https://www.phpscriptsmall.com/product/lawyer-script/
|
|
# Category: Web Application
|
|
# Exploit Author: Prasenjit Kanti Paul
|
|
# Web: http://hack2rule.wordpress.com/
|
|
# Version: 1.0.2
|
|
# Tested on: Linux Mint
|
|
# CVE: CVE-2018-6861
|
|
##################################################################################################################
|
|
|
|
*Proof of Concept*
|
|
|
|
1. Login into site
|
|
2. Goto "Edit Profile"
|
|
3. Put "<script>alert("PKP")</script>" in any field
|
|
4. You will be having a popup "PKP" |