Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIndoushkaPACKETSTORM:174337
HistoryAug 28, 2023 - 12:00 a.m.

Hesk Rtl CMS 1 Cross Site Scripting

2023-08-2800:00:00
indoushka
packetstormsecurity.com
116
vulnerability
xss
hesk rtl cms
ajax.php
JSON
`====================================================================================================================================  
| # Title : Hesk Rtl CMS v1 XSS Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |  
| # Vendor : https://p30vel.ir |  
| # Dork : فارسی سازی توسط وحید مجیدی / اسکریپت دات کام |  
====================================================================================================================================  
  
poc :  
  
[+] Dorking İn Google Or Other Search Enggine.  
  
[+] This vulnerability affects : /Hesk/ajax.php.   
  
[+] Attack details :  
  
URI was set to ;997612"():;991161  
The input is reflected inside <script> tag between double quotes  
  
Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |  
=======================================================================================================================================  
`
JSON