
CVE-2018-13256 : PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter.

CVE-2018-13256 – Vikas Chaudhary

I am Vikas Chaudhary, a Cyber Security Analyst. I found that PHP Scripts Mall Auditor Website 2.0.1 has a stored XSS vulnerability via the lastname or firstname parameter: markup entered into the name fields at registration is saved and later rendered back into the page without encoding. To exploit the vulnerability, the following steps were taken.

Step 1-
Go to the site http://74.124.215.220/~projclient/client/auditor/

Step 2-
Open the REGISTER page (Register now).

Step 3-
Create an account using your email address, and in both the FIRST NAME and LAST NAME fields enter this payload:
<img src=x onError=alert("VIKAS")>

Step 4-
Now check your email and verify the account.

Step 5-
Return to the site and log in with the verified email and password.

Step 6-
An alert popup showing VIKAS appears in your account as soon as you are logged in: the stored first and last name are written into the page unencoded, so the img tag's onError handler runs.
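The six steps above come down to one defect: a name saved at registration is concatenated into HTML when the account page is rendered. The PHP below is an added illustration and not the Auditor Website's own code; its template markup, function names and the assumption that the value is printed in a plain HTML text context are mine. It shows the vulnerable sink next to an output-encoded version, an allow-list check for name fields, and a small regression check that uses the payload from this write-up.

```php
<?php
// Added illustration, not the Auditor Website's own code: the template, field
// and variable names below are assumptions. It shows the sink that produces the
// behaviour in the write-up (a stored name echoed into HTML unencoded), the
// output-encoded version, an input allow-list for name fields, and a check that
// uses the write-up's payload.

declare(strict_types=1);

// Payload from the write-up, exactly as it would sit in the firstname column.
const POC_PAYLOAD = '<img src=x onError=alert("VIKAS")>';

// Vulnerable pattern: the stored name is concatenated straight into the page,
// so whatever was typed at registration runs in every viewer's browser.
function renderGreetingVulnerable(string $firstname, string $lastname): string
{
    return "<p>Welcome, $firstname $lastname</p>";
}

// Encode for an HTML text/attribute context at output time. ENT_QUOTES covers
// both quote styles so the helper is also safe inside quoted attributes;
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently producing an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: same markup, every untrusted value passed through h().
function renderGreetingSafe(string $firstname, string $lastname): string
{
    return '<p>Welcome, ' . h($firstname) . ' ' . h($lastname) . '</p>';
}

// Defence in depth at registration: a person's name has no business containing
// '<', '>' or quotes. Reject such input rather than trying to strip it; output
// encoding stays the primary control because other templates may print the
// same column (an admin user list, for example).
function isPlausibleName(string $name): bool
{
    // letters and combining marks in any script, space, apostrophe, hyphen, dot
    return preg_match('/^[\p{L}\p{M} .\'\-]{1,64}$/u', $name) === 1;
}

// Regression check for a template: does the rendered HTML contain a tag that
// carries an on* event handler, or a script element? Escaped output still
// contains the text "onError=" but no tag around it, so it passes; the
// vulnerable output fails.
function containsActiveMarkup(string $html): bool
{
    return preg_match('/<\s*(script\b|[a-z][^>]*\bon[a-z]+\s*=)/i', $html) === 1;
}

// Self-check: prints the two renderings and the verdicts side by side.
$vuln = renderGreetingVulnerable(POC_PAYLOAD, 'Test');
$safe = renderGreetingSafe(POC_PAYLOAD, 'Test');

printf("vulnerable: %s\n  active markup: %s\n", $vuln, containsActiveMarkup($vuln) ? 'yes' : 'no');
printf("hardened:   %s\n  active markup: %s\n", $safe, containsActiveMarkup($safe) ? 'yes' : 'no');
printf("input check rejects payload: %s\n", isPlausibleName(POC_PAYLOAD) ? 'no' : 'yes');
```

Run it with the php command-line interpreter. The onError handler in the payload is mixed-case on purpose: a blocklist that looks for "onerror" misses it, which is why the fix is encoding at the output sink rather than filtering the input. Because the value is stored, every page that prints the name is a separate sink and each one needs the same encoding; the containsActiveMarkup check is only a smoke test for a template, not a substitute for it.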




Summary
Article Name: CVE-2018-13256 - Vikas Chaudhary
Description: PHP Scripts Mall Auditor Website 2.0.1 has XSS vulnerability via the lastname or firstname parameter.
Author: Vikas Chaudhary
Publisher Name: www.gkaim.com
