08c35595ed
23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
18 lines
No EOL
808 B
Text
18 lines
No EOL
808 B
Text
# Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting
|
|
# Date: 2018-05-20
|
|
# Exploit Author: Borna nematzadeh (L0RD)
|
|
# Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?s_rank=1
|
|
# Version: 2.0
|
|
# Tested on: Windows
|
|
|
|
# Description :
|
|
Private Message PHP Script 2.0 suffers from persistent cross site scripting.
|
|
You can put your malicious javascript payload .
|
|
When target opens your massege , payload will be executed before self destruction .
|
|
|
|
# POC :
|
|
1) Put this payload into textarea and click submit :
|
|
</textarea><script>alert(document.cookie)</script>
|
|
|
|
2) You will get a link which your javascript code is inside this link . You can send this link to anyone .
|
|
3) After clicking on "show me the message" , payload will be executed . |