7a33f5d0bf
15 changes to exploits/shellcodes NoMachine x86 < 6.0.80 - 'nxfuse' Privilege Escalation NoMachine x64 < 6.0.80 - 'nxfuse' Privilege Escalation Armadito Antivirus 0.12.7.2 - Detection Bypass Joomla! Component CW Tags 2.0.6 - SQL Injection Joomla! Component Proclaim 9.1.1 - Backup File Download Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection Joomla! Component Ek Rishta 2.9 - SQL Injection Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection Joomla! Component CheckList 1.1.1 - SQL Injection Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting
19 lines
No EOL
673 B
Text
19 lines
No EOL
673 B
Text
#######################################################
|
||
# Exploit Title: Alibaba Clone Script 1.0.2 – Stored XSS
|
||
# Date: 09.02.2018
|
||
# Vendor Homepage: https://www.phpscriptsmall.com/
|
||
# Software Link: https://www.phpscriptsmall.com/product/alibaba-clone/
|
||
# Category: Web Application
|
||
# Exploit Author: Prasenjit Kanti Paul
|
||
# Web: http://hack2rule.wordpress.com/
|
||
# Version: 1.0.2
|
||
# Tested on: Linux Mint
|
||
# CVE: CVE-2018-6867
|
||
#######################################################
|
||
|
||
Proof of Concept
|
||
-----------------
|
||
1. Login into the site
|
||
2. Goto “Edit Profile”
|
||
3. Put <script>alert("PKP")</script> in any field
|
||
4. You will be having a popup “PKP” |