Sign in
Sign up

Image Sharing Script – Stored XSS

Hacking articles, Technical Pentesting Tutorials, Website Development tricks | Hacksayan

############################################################################

# Exploit Title: Image Sharing Script – Stored XSS

# Date: 11.02.2018

# Exploit Author: Sayan Chatterjee

# Vendor Homepage: https://www.phpscriptsmall.com/

# Software Link: https://www.phpscriptsmall.com/product/image-sharing-script/

# Category: Web Application

# Version: 1.3.3

# Tested on: Windows 10

# CVE: CVE-2018-6901

############################################################################

Proof of Concept

=================

URL: https://www.phpscriptsmall.com/product/image-sharing-script/

Attack Vector : Full Name

Payload : <svg/onload=alert(document.cookie)>

Reproduction Steps:

——————————

1. Access the above URL

2. Click on “User Demo:

3. The application will be redirected to http://fxwebsolution.com/demo/jansi/stock-free-snap/

4. Go to “Register” and Create a New User

5. Now log in into the application and Click on: Profile “

6. Click on “Edit Profile” -> Select “Full Name” field and inject <svg/onload=alert(document.cookie)>

7. Persistent XSS will be executed.

#CVE #exploitdb #nse

Facebook
Twitter
Email
Print
admin
admin

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter

Sign up our newsletter to get update information, news and free insight.

Latest Post

COURSES

BLOGS

Newsletter

Sign up our newsletter to get update information, news and free insight.

Ready to learn on-the-go? Download our mobile app ecourse and start learning anytime, anywhere!

Facebook-f Instagram Twitter Linkedin-in Youtube
Copyright© 2023 HACKSAYAN, All rights reserved. Designed by ZIYANEX PVT.LTD.