Alibaba Clone Script 1.0.2 Cross Site Scripting

2018-02-2300:00:00

Prasenjit Kanti Paul

packetstormsecurity.com

0.0005 Low

EPSS

Percentile

17.5%

JSON

`#######################################################  
# Exploit Title: Alibaba Clone Script 1.0.2 a Stored XSS  
# Date: 09.02.2018  
# Vendor Homepage: https://www.phpscriptsmall.com/  
# Software Link: https://www.phpscriptsmall.com/product/alibaba-clone/  
# Category: Web Application  
# Exploit Author: Prasenjit Kanti Paul  
# Web: http://hack2rule.wordpress.com/  
# Version: 1.0.2  
# Tested on: Linux Mint  
# CVE: CVE-2018-6867  
#######################################################  
  
Proof of Concept  
-----------------  
1. Login into the site  
2. Goto aEdit Profilea  
3. Put <script>alert("PKP")</script> in any field  
4. You will be having a popup aPKPa  
  
`

0.0005 Low

EPSS

Percentile

17.5%

JSON

Related for PACKETSTORM:146554