CVE-2018-9236

ManhNho, Apr 4th, 2018 (edited)
# Exploit Title: iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
# Date: 02/04/2018
# Exploit Author: ManhNho
# Contact: https://facebook.com/aviciicloud
# Vendor Homepage: https://www.iscripts.com
# Demo Page: https://www.demo.iscripts.com/easycreate/demo/
# Version: 3.2.1
# Tested on: Windows 10
# Category: Webapps
# CVE: CVE-2018-9236

1. Description
====================
iScripts EasyCreate 3.2.1 is affected by a stored XSS vulnerability in the "Site title" field.

2. PoC
====================
> #1. From the "user section", go to the "dashboard" and select "Created from saved items" with the edit option
> #2. In the "edit site" action
>  Inject </title>"><script>alert('1')</script> into the "Site title" field
> #3. Save the change, refresh, and the alert pop-up appears
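The following is an added example, not part of the original paste and not iScripts code. It shows why the "Site title" value from the PoC closes the title element when it is written into the page unencoded, and how HTML-encoding on output keeps it as inert text. The page template and the names render_vulnerable, render_hardened and inspect_page are hypothetical, and the unencoded write is an assumption about the flaw.

```python
import html
from html.parser import HTMLParser

# The "Site title" value from the PoC above.
PAYLOAD = "</title>\"><script>alert('1')</script>"

# Hypothetical page template (assumption; not taken from EasyCreate).
PAGE = "<html><head><title>{title}</title></head><body></body></html>"


def render_vulnerable(site_title):
    # Assumed flaw: the stored value is written into the page as-is.
    return PAGE.format(title=site_title)


def render_hardened(site_title):
    # Mitigation: HTML-encode the stored value at output time.
    return PAGE.format(title=html.escape(site_title, quote=True))


class _Inspector(HTMLParser):
    """Counts <script> elements and collects the text inside <title>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.script_tags = 0
        self.in_title = False
        self.title_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        elif tag == "title":
            self.in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title_text.append(data)


def inspect_page(page):
    """Return (number of script elements, decoded title text)."""
    parser = _Inspector()
    parser.feed(page)
    parser.close()
    return parser.script_tags, "".join(parser.title_text)
```

In the unencoded page the parser sees an empty title followed by a script element; in the encoded page the whole value stays inside the title as text, so a regression test can assert that no stored field ever adds a script element to rendered output.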