8d28b02dc1
9 changes to exploits/shellcodes JBoss 4.2.x/4.3.x - Information Disclosure Naukri Clone Script 3.0.3 - 'indus' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Multi Language Olx Clone Script - Cross-Site Scripting
28 lines
No EOL
1 KiB
Text
28 lines
No EOL
1 KiB
Text
######################################################################################
|
|
# Exploit Title: Multi Language Olx Clone Script - Stored XSS
|
|
# Date: 08.02.2018
|
|
# Exploit Author: Varun Bagaria
|
|
# Web:
|
|
# Vendor Homepage: https://www.phpscriptsmall.com/
|
|
# Software Link: https://www.phpscriptsmall.com/product/olx-clone/
|
|
# Category: Web Application
|
|
# Version:2.0.6
|
|
# Tested on: Windows 7
|
|
# CVE: NA
|
|
#######################################################################################
|
|
|
|
Proof of Concept
|
|
=================
|
|
URL: https://www.phpscriptsmall.com/product/olx-clone/
|
|
Attack Vector : Comment
|
|
Payload : <svg/onload=alert(document.cookie)>
|
|
|
|
Reproduction Steps:
|
|
------------------------------
|
|
1.Access the above URL
|
|
2. Click on "User Demo:
|
|
3. Application will be redirected to http://under24usd.com/demo/classi/
|
|
4. Goto "Register" and Create a New User
|
|
5. Now Login into the application and Click on any :Listing"
|
|
6. Click on "Comment" -> "Leave Comment" and inject <svg/onload=alert(document.cookie)>
|
|
7. Persistent XSS will be executed. |