######################################################################################
# Exploit Title: Hot Scripts Clone : Script Classified - Stored XSS
# Date: 06.02.2018
# Exploit Author: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/
# Category: Web Application
# Version: 3.1
# Tested on: Linux Mint
# CVE: na
#######################################################################################

Proof of Concept
=================
1. Log in to Hot Scripts Clone : Script Classified
2. Select any ad
3. Go to the review section below and put "" as title or description
4. You will get a popup of "PKP"
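
Mitigation sketch for the review fields named in the steps above. This is an added example, not code from the advisory or from the vendor's product; it assumes the review title and description are rendered from PHP, and the function names and the sample review row are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample review row as it might be read back from storage.
// The markup is a generic test string, not the string used in the advisory.
$review = [
    'title'       => '<script>alert(1)</script>',
    'description' => 'Nice ad" onmouseover="alert(1)',
];

// Vulnerable pattern: stored values are concatenated into the page unchanged,
// so any markup saved in a review is parsed by every visitor's browser.
function render_review_unsafe(array $r): string
{
    return '<h4>' . $r['title'] . '</h4><p>' . $r['description'] . '</p>';
}

// Encode a value for HTML text and quoted-attribute contexts.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every stored field is encoded at output time.
function render_review_safe(array $r): string
{
    return '<h4>' . e($r['title']) . '</h4><p>' . e($r['description']) . '</p>';
}

// Regression check: true when no attacker-controlled '<' or '"' survives
// inside the rendered fields (the fixed wrapper tags are stripped first).
function fields_are_inert(string $html): bool
{
    $inner = str_replace(['<h4>', '</h4>', '<p>', '</p>'], '', $html);
    return strpbrk($inner, '<>"\'') === false;
}

$unsafe = render_review_unsafe($review);
$safe   = render_review_safe($review);

echo 'unsafe: ', $unsafe, PHP_EOL;
echo 'safe:   ', $safe, PHP_EOL;
echo 'unsafe inert? ', var_export(fields_are_inert($unsafe), true), PHP_EOL;
echo 'safe inert?   ', var_export(fields_are_inert($safe), true), PHP_EOL;
```

The same encoding has to be applied wherever the review is displayed, including any admin or moderation view.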