Lucene search
Exploit-DBEDB-ID:45141HistoryAug 03, 2018 - 12:00 a.m.
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting
2018-08-0300:00:00
Exploit-DB
www.exploit-db.com
26
EPSS
0.001
Percentile
23.8%
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting. CVE-2018-14082. Webapps exploit for PHP platform
*******************************************************************************************
# Exploit Title: Entrepreneur Job Portal Script 3.0.1- has Stored XSS via Search bar and Location
# Date: 14.07.2018
# Site Titel : JOB SITE (Job Portal)
# Vendor Homepage: https://www.phpscriptsmall.com/
#Vendor Software: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
# Software Link: http://freelancewebdesignerchennai.com/demo/job-portal/
# Category: Web Application
# Version: 3.0.1
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
#Published On: https://gkaim.com/cve-2018-14082-vikas-chaudhary/
# Tested on: Windows 10 -Firefox ,
# CVE: CVE-2018-14082
*****************************************************************************************
------------------------------------------------------ .
Proof of Concept:-
-------------------------------------------------------
1. Go to the site ( http://server.com/job-portal/ ) .
2- Click on REGISTER page (Register now) .
3- Register by giving you name ,mail and soo on...
4- Verify your mail
5- Come to side and login using your verified mail
6 -When you Loged in
In search bar (keywords, skills , Destination) paste "><svg/onload=alert(/VIKAS/)> and in location paste "><svg/onload=alert(/CHAUDHARY/)> and click on Search
7-You will have 2 popup=> /VIKAS/ and /CHAUDHARY/Related
cvelist
cvelist
CVE-2018-14082
2018-07-18 16:00:00
prion
prion
Cross site scripting
2018-07-18 16:29:00
cve
cve
CVE-2018-14082
2018-07-18 16:29:00
packetstorm
packetstorm
Entrepreneur Job Portal Script 3.0.1 Cross Site Scripting
2018-08-03 00:00:00
nvd
nvd
CVE-2018-14082
2018-07-18 16:29:00