Home > CVE > CVE-2018-15189:Advanced Real Estate Script -4.0.9- has Stored XSS

CVE-2018-15189:Advanced Real Estate Script -4.0.9- has Stored XSS

CVE-2018-15189-Vikas chaudhary

My self Vikas chaudhary .I’m Cyber Security Analyst ,I found that specified PHP Scripts Mall Auditor Website 2.0.1 has XSS Vulnerability. To exploit this vulnerability, the following steps were taken.

VENDOR SUMMARY :-< PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative PHP scripts PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completion and implementation of numerous projects in various verticals and domains.. It has 300 plus PHP scripts ready to buy.

DESCRIPTION :-< XSS, is a way of bypassing the SOP concept. Whenever HTML code is generated dynamically, and the user input is not sanitized and is reflected on the page an attacker could insert his own HTML code. The web browser will still show the user’s code since it pertains to the website where it is injected. Stored XSS Vulnerability is found in Specified Vendor .By storing a payload there, an admin or guest user can be attacked by an attacker without tricking them to visit a malicious web site or clicking on any malicious link.

1. Go to the Vendor Product Link => https://www.phpscriptsmall.com/product/advanced-real-estate-script/ or Click Here

2- Click on => Sign In /Join => Register=> Individual and then fill the Form using your mail id ,

CVE-2018-15189-Vikas chaudhary

3-Now fill the Captcha and click on submit

4-Goto your mail and Verify it.

5-Now come back to site and Sign in using your Verified mail and Password.

6- Go to Profile =>Edit Profile and Put this Script in Name

“>< *img src=x onerror=prompt(/VIKAS/)>

CVE-2018-15189-Vikas chaudhary

[ Note=> Remove * from script]

and click on Update

7- You will having a popup of /VIKAS/ when you refresh the page ..

CVE-2018-15189-Vikas chaudhary
CVE-2018-15189-Vikas chaudhary

My Previous CVE (Visit Once)…

ALL CVE
CVE-2018-15188
CVE-2018-15187
CVE-2018-15186
CVE-2018-15185
CVE-2018-15184
CVE-2018-15183
CVE-2018-15182
CVE-2018-15181
CONTACT US




Summary
Article Name=>
CVE-2018-15189
Description=>
Advanced Real Estate Script -4.0.9- has Stored XSS Vulnerability if Found by Admin of this Blog Vikas Chaudhary.
Author=>
Publisher Name=>
www.gkaim.com
Admin
Welcome Sir, .. Myself Vikas Chaudhary , i was interested in general knowledge since childhood , so i thought why not to share my knowledge with you, that's why i created this educational blog. Here you find world wide general knowledge of all Latest technology , Science & History Que , and Mysterious fact of the world. Here you also find knowledge about cyber security. Thanks for visit.. keep supporting....keep Loving
https://www.gkaim.com

Leave a Reply

Your email address will not be published.