Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting

2018-02-07T00:00:00

Description

Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting (XSS)

{"id": "EDB-ID:43989", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting", "description": "Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting. Webapps exploit for PHP platform. Tags: Cross-Site Scripting (XSS)", "published": "2018-02-07T00:00:00", "modified": "2018-02-07T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://www.exploit-db.com/exploits/43989/", "reporter": "Exploit-DB", "references": [], "cvelist": [], "lastseen": "2018-02-07T20:53:47", "viewCount": 7, "enchantments": {"score": {"value": 3.8, "vector": "NONE"}, "dependencies": {}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-25004"]}]}, "exploitation": null, "vulnersScore": 3.8}, "sourceHref": "https://www.exploit-db.com/download/43989/", "sourceData": "######################################################################################\r\n# Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS\r\n# Date: 06.02.2018\r\n# Exploit Author: Prasenjit Kanti Paul\r\n# Web: http://hack2rule.wordpress.com/\r\n# Vendor Homepage: https://www.phpscriptsmall.com/\r\n# Software Link: http://www.exclusivescript.com/product/y2OP4658391/php-scripts/multilanguage-real-estate-mlm-script\r\n# Category: Web Application\r\n# Version: =>3.0\r\n# Tested on: Linux Mint\r\n# CVE: NA\r\n#######################################################################################\r\n\r\nProof of Concept\r\n=================\r\n1. Login as a user\r\n2. Goto \"Edit Profile\"\r\n3. Edit any field with \"<script>alert(\"PKP\")</script>\"\r\n4. Save Profile\r\n5. You will be having a popup \"PKP\"", "osvdbidlist": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645476375}}