Hot Script Clone Script Classified 3.1 Cross Site Scripting

2018-02-07T00:00:00
ID PACKETSTORM:146290
Type packetstorm
Reporter Prasenjit Kanti Paul
Modified 2018-02-07T00:00:00

Description

                                        
                                            `######################################################################################  
# Exploit Title: Hot Scripts Clone : Script Classified - Stored XSS  
# Date: 06.02.2018  
# Exploit Author: Prasenjit Kanti Paul  
# Web: http://hack2rule.wordpress.com/  
# Vendor Homepage: https://www.phpscriptsmall.com/  
# Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/  
# Category: Web Application  
# Version: 3.1  
# Tested on: Linux Mint  
# CVE: na  
#######################################################################################  
  
Proof of Concept  
=================  
1. Login to Hot Scripts Clone : Script Classified  
2. Select Any Ads  
3. Goto below review section and put "<script>alert("PKP")</script>" as  
title or description  
4. You will have popup of "PKP"  
  
`