Multilanguage Real Estate MLM Script 3.0 Cross Site Scripting

2018.02.08

Credit: Prasenjit Kanti Paul

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

######################################################################################
# Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS
# Date: 06.02.2018
# Exploit Author: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: http://www.exclusivescript.com/product/y2OP4658391/php-scripts/multilanguage-real-estate-mlm-script
# Category: Web Application
# Version: =>3.0
# Tested on: Linux Mint
# CVE: NA
#######################################################################################
 
Proof of Concept
=================
1. Login as a user
2. Goto "Edit Profile"
3. Edit any field with "<script>alert("PKP")</script>"
4. Save Profile
5. You will be having a popup "PKP"

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Multilanguage Real Estate MLM Script 3.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Multilanguage Real Estate MLM Script 3.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.