Lucene search
ManhNhoPACKETSTORM:147251HistoryApr 18, 2018 - 12:00 a.m.
Match Clone Script 1.0.4 Cross Site Scripting
2018-04-1800:00:00
ManhNho
packetstormsecurity.com
21
EPSS
0.001
Percentile
45.5%
`########################################################################
# Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting
# Date: 23.02.2018
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/match-clone/
# Category: Web Application
# Exploit Author: ManhNho
# Version: 1.0.4
# Tested on: Window 10 / Kali Linux
# CVE: CVE-2018-9857
##########################################################################
Description
------------------------
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to
searchbyid.php (aka the "View Search By Id" screen).
Proof of Concept
------------------------
1. Access to site
2. Choose aSearcha
3. Choose "View Search By Id"
3. Put <script>alert('ManhNho')</script> in search field
4. You will be having a popup: ManhNho
References:
------------------------
https://pastebin.com/Y9uEC4nu
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9857
`
Related
cve
cve
CVE-2018-9857
2018-04-09 07:29:00
nvd
nvd
CVE-2018-9857
2018-04-09 07:29:00
exploitpack
exploitpack
Match Clone Script 1.0.4 - Cross-Site Scripting
2018-04-18 00:00:00
cvelist
cvelist
CVE-2018-9857
2018-04-09 07:00:00
prion
prion
Design/Logic Flaw
2018-04-09 07:29:00
zdt
zdt
Match Clone Script 1.0.4 - Cross-Site Scripting Vulnerability
2018-04-18 00:00:00
exploitdb
exploitdb
Match Clone Script 1.0.4 - Cross-Site Scripting
2018-04-18 00:00:00