Multilanguage Real Estate MLM Script 3.0 Cross Site Scripting

2018-02-07T00:00:00
ID PACKETSTORM:146288
Type packetstorm
Reporter Prasenjit Kanti Paul
Modified 2018-02-07T00:00:00

Description

                                        
                                            `######################################################################################  
# Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS  
# Date: 06.02.2018  
# Exploit Author: Prasenjit Kanti Paul  
# Web: http://hack2rule.wordpress.com/  
# Vendor Homepage: https://www.phpscriptsmall.com/  
# Software Link: http://www.exclusivescript.com/product/y2OP4658391/php-scripts/multilanguage-real-estate-mlm-script  
# Category: Web Application  
# Version: =>3.0  
# Tested on: Linux Mint  
# CVE: NA  
#######################################################################################  
  
Proof of Concept  
=================  
1. Login as a user  
2. Goto "Edit Profile"  
3. Edit any field with "<script>alert("PKP")</script>"  
4. Save Profile  
5. You will be having a popup "PKP"  
  
`