API tools faq
paste
Advertisement
ManhNho

CVE-2018-9236

ManhNho
Apr 4th, 2018
3,759
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.76 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title: iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
  2. # Date: 02/04/2018
  3. # Exploit Author: ManhNho
  4. # Contact: https://facebook.com/aviciicloud
  5. # Vendor Homepage: https://www.iscripts.com
  6. # Demo Page: https://www.demo.iscripts.com/easycreate/demo/
  7. # Version: 3.2.1
  8. # Tested on: Windows 10
  9. # Category: Webapps
  10. # CVE: CVE-2018-9236
  11.  
  12. 1. Description
  13. ====================
  14. iScripts Easycreate 3.2.1 is affected by a XSS vulnerability
  15.  
  16. 2. PoC
  17. ====================
  18. > #1. from "user section", access to "dashboard" and select "Created from saved items" with edit option
  19. > #2. In "edit site" action
  20. > Inject </title>"><script>alert('1')</script> to "Site title" field
  21. > #3. Save and change! refresh and we have alert pop up!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!