# Exploit Title: Naukri / Shine / Jobsite Clone Script -3.0.4 – has Stored XSS Via USERNAME
# Date: 01.08.2018
# Site Titel : Jobsite Clone Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link :- https://www.phpscriptsmall.com/product/naukri-clone-script/
# Category: Web Application
# Version: 3.0.4
# Exploit Author: Vikas Chaudhary
# Published on : https://gkaim.com/cve-2018-15184-vikas-chaudhary/
# Contact: https://gkaim.com/contact-us/
# Web: https://gkaim.com/
# Tested on: Windows 10 -Firefox
# CVE- CVE-2018-15184

****************************
VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide
\ range of innovative. PHP Scripts Mall is a leading business and technology firm with 12years of
successful track record in completion and implementation of numerous projects in various
verticals and domains.. It has 300 plus PHP scripts ready to buy.

VULNERABILITY DESCRIPTION :- Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious
scripts are injected into otherwise benign and trusted websites.XSS attacks occur when an attacker
uses a web application to send malicious code, Attacker can Change the web interface or can
dedirect to Admin or User to any malicious Link.

**************************
Proof of Concept:-
————————–
1. Go to the software link
2- Select Register With Job Portal page (Register now) .
3- Create an account using your Email address Password and soo on
4- Verify your mail address and come back to site and sign in .
5- Go to Profile=> Edit Contact Details and put this code in USERNAME => “></tag><svg onload=alert(/GKAIM/)><“ and click on Save
6- You will having a popup of /GKAIM/ .