CVE-2018-20642-PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service

**********************************************
# Exploit Title: PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.
# Date: 30.12.2018
# Site Title : JOB SITE (Job Portal)
# Vendor Homepage: https://www.phpscriptsmall.com/
#Vendor Software: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
# Software Link: http://freelancewebdesignerchennai.com/demo/job-portal/
# Category: Web Application
# Version: 3.0.1
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 -Firefox ,
# CVE-2018-20642.
*************************************************

## VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completion and implementation of numerous projects in various
verticals and domains.. It has 300 plus PHP scripts ready to buy.

## Vulnerability Description :- A Buffer Overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit to gain access to your system. Buffer overflow Vulnerability is found in Specified Vendor By uploading these types of malicious code an attacker can change or redirect the admin or guest user to any infectious link or also can harm the full site by changing site interface .
**************************************************
——————————————-
Proof of Concept:-
——————————————-
1. Go to the site ( http://freelancewebdesignerchennai.com/demo/job-portal/ ) .
2- Click on REGISTER page (Register now) .
3- Register by giving you name ,mail and soo on…
4- Verify your mail
5- Come to side and login using your verified mail
6 -When you Logged in
7-go to edit profile and in KeySkills then paste this Code


8-You will see your Page Will Changed and you can’t be able to Edit your profile

Comment Please