*********************************
# Exploit Title: Advanced Real Estate Script -4.0.9- has BufferOverflow
# Date: 04.08.2018
# Site Title : Realestate
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software link : https://www.phpscriptsmall.com/product/advanced-real-estate-script/
# Category: Web Application
# Version: 4.0.9
# Exploit Author: Vikas Chaudhary
# Contact: https://gkaim.com/contact-us/
# Web: https://gkaim.com/
# Published on : https://gkaim.com/cve-2018-15188-vikas-chaudhary/
# Tested on: Windows 10 -Firefox
# CVE- CVE-2018-15188

****************************
# VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative.
PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record
in completion and implementation of numerous projects in various verticals and domains..
It has 300 plus PHP scripts ready to buy.

# DESCRIPTION :- A Buffer Overflow, or buffer overrun, is a common software coding mistake that an attacker
could exploit to gain access to your system. Buffer overflow Vulnerability is found in Specified Vendor
By uploading these types of malicious code an attacker can change or redirect the admin
or guest user to any infectious link or also can harm the full site by changing site interface .

***********************
Proof of Concept:-
————————-
1- Go to Site
2- Click on => Sign In /Join => and then fill the Form using your mail id ,
3-Now fill the Captcha and click on submit
4-Goto your mail and Verify it.
5-Now come back to site and Sign in using your Verified mail and Password.
6- Go to Profile =>Edit Profile and Put this Script in Name

<div id=d><x xmlns=”><iframe onload=javascript:alert(1)”></div> <script>d.innerHTML=d.innerHTML</script>

and click on Update
7- You will See that your Page structure will Change and again when you refresh it everything will be lost.