
CVE-2018-20639: PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML Injection Vulnerability


************************************************
# Exploit Title: PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.
# Site Title : JOB SITE (Job Portal)
# Vendor Homepage: https://www.phpscriptsmall.com/
# Vendor Software: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
# Software Link: http://freelancewebdesignerchennai.com/demo/job-portal/
# Category: Web Application
# Version: 3.0.1
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 - Firefox
# CVE: CVE-2018-20639
**************************************************

## VENDOR SUMMARY: PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completing and implementing numerous projects across various verticals and domains. It has 300 plus PHP scripts ready to buy.

## Vulnerability Description: HTML injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute JavaScript code, the HTML injection attack only allows the injection of certain HTML tags. When an application does not properly handle user-supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, because it exploits both a code-based vulnerability and a user's trust.

--------------------------------------------------
Proof of Concept:
--------------------------------------------------
1. Go to the site ( http://freelancewebdesignerchennai.com/demo/job-portal/ ).
2. In the Search Bar, paste this code:

7. You will see a new Login Page.
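
The search-bar reflection described above, as an added example that is not the vendor's code or part of the original advisory: a hypothetical PHP handler shown in its unencoded form beside a version that encodes the term with htmlspecialchars(). The function names, the `q` parameter and the input string are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: handler and parameter names are hypothetical,
// not taken from the vendor's script.

// Defence in depth: even if markup slips through, forms on the page
// may only submit to the site's own origin.
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: form-action 'self'");
}

// Vulnerable pattern: the search term is concatenated into the page
// unchanged, so tags in it become part of the document.
function render_search_unsafe(string $term): string
{
    return '<input name="q" value="' . $term . '">'
         . '<p>Results for ' . $term . '</p>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES encodes both quote styles, which keeps the value inside
// the attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_safe(string $term): string
{
    return '<input name="q" value="' . h($term) . '">'
         . '<p>Results for ' . h($term) . '</p>';
}

// Constructed input: closes the attribute, then opens new elements.
$term = '"><h1>Injected heading</h1><form action="https://example.invalid/">';

$unsafe = render_search_unsafe($term);
$safe   = render_search_safe($term);

// Check each rendering for a live <form> tag, then show the encoded page.
var_dump(strpos($unsafe, '<form') !== false);
var_dump(strpos($safe, '<form') !== false);
echo $safe, PHP_EOL;
```

Encoding belongs at the point of output, for every place the term is echoed; the `form-action` policy only limits where an injected form could submit and does not replace the encoding.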
