CVE-2018-20640-vikas-chaudhary

CVE-2018-20640-PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS)

**********************************************
# Exploit Title: PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
# Date: 30.12.2018
# Site Title : JOB SITE (Job Portal)
# Vendor Homepage: https://www.phpscriptsmall.com/
#Vendor Software: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
# Software Link: http://freelancewebdesignerchennai.com/demo/job-portal/
# Category: Web Application
# Version: 3.0.1
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 -Firefox ,
# CVE-2018-20640.
********************************************

## VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completion and implementation of numerous projects in various
verticals and domains.. It has 300 plus PHP scripts ready to buy.

## Vulnerability Description=> Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
***********************************************
——————————-
Proof of Concept:-
——————————-
1. Go to the site ( http://freelancewebdesignerchennai.com/demo/job-portal/ ) .
2- Click on REGISTER page (Register now) .
3- Register by giving you name ,mail and soo on…
4- Verify your mail
5- Come to side and login using your verified mail
6 -When you Logged in
7-go to edit profile and in Full Name paste this Code

“*><*img src =x onError=alert(“VIKAS”)>
NOTE=> Remove * from Code.
7-You will have a popup=> /VIKAS/

Comment Please