8d28b02dc1
9 changes to exploits/shellcodes JBoss 4.2.x/4.3.x - Information Disclosure Naukri Clone Script 3.0.3 - 'indus' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Multi Language Olx Clone Script - Cross-Site Scripting
19 lines
No EOL
743 B
Text
19 lines
No EOL
743 B
Text
######################################################################################
|
|
# Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS
|
|
# Date: 07.02.2018
|
|
# Vendor Homepage: https://www.phpscriptsmall.com/
|
|
# Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/
|
|
# Category: Web Application
|
|
# Exploit Author: Prasenjit Kanti Paul
|
|
# Web: http://hack2rule.wordpress.com/
|
|
# Version: 1.0.5
|
|
# Tested on: Linux Mint
|
|
# CVE: CVE-2018-6858
|
|
#######################################################################################
|
|
|
|
Proof of Concept
|
|
=================
|
|
1. Login as a user
|
|
2. Goto "Comment" option of any post
|
|
3. Put "<script>alert("PKP")</script>" as comment
|
|
4. You will be having a popup "PKP" |