Submeter #183171: Carlisting 1.6 - Reflected XSSinformação

TítuloCarlisting 1.6 - Reflected XSS
Descrição# Exploit Title: Carlisting 1.6 - Reflected XSS # Exploit Author: skalvin aka (CraCkEr) # Date: 16/07/2023 # Vendor: phpscriptpoint # Vendor Homepage: https://phpscriptpoint.com/ # Software Link: https://demo.phpscriptpoint.com/carlisting/ # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site ## Description The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Path: /carlisting/search.php GET parameter 'country' is vulnerable to RXSS GET parameter 'state' is vulnerable to RXSS GET parameter 'city' is vulnerable to RXSS https://website/carlisting/search.php?brand_id=1&model_id=1&car_condition=New%20Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=[XSS]&state=[XSS]&city=[XSS] [-] Done
Utilizador
 skalvin (UID 49463)
Submissão16/07/2023 00h37 (há 3 anos)
Moderação23/07/2023 15h11 (8 days later)
EstadoAceite
Entrada VulDB235210 [phpscriptpoint Car Listing 1.6 /search.php country/state/city Script de Site Cruzado]
Pontos17

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!