Source: packetstorm | Author: Vikas Chaudhary | ID: PACKETSTORM:148790
History: Aug 02, 2018 - 12:00 a.m.

Chartered Accountant : Auditor Website 2.0.1 Cross Site Scripting

EPSS: 0.001 (Low), percentile 40.9%

`*******************************************************************************************  
# Exploit Title: Chartered Accountant : Auditor Website 2.0.1 - Reflected, Stored XSS  
# Date: 26.06.2018  
# Site Title: Find your needs on Domain Name  
# Vendor Homepage: https://www.phpscriptsmall.com/  
# Software Link: https://www.phpscriptsmall.com/product/cms-auditor-website/  
# Category: Web Application  
# Version: 2.0.1  
# Exploit Author: Vikas Chaudhary  
# Contact: https://www.facebook.com/profile.php?id=100011287630308  
# Web: https://gkaim.com/  
# Tested on: Windows 10 - Firefox  
# CVE: CVE-2018-13256  
  
*****************************************************************************************  
  
Proof of Concept:  
--------------------------  
1. Go to the site ( http://server/auditor/ ).  
2. Select the REGISTER page (Register now).  
3. Create an account using your email address; in FIRST NAME, LAST NAME, and PASSWORD enter this script: <img src =x onError=alert("VIKAS")>  
4. Check your email and verify the account.  
5. Return to the site and log in using your verified email and password.  
6. A popup showing VIKAS appears in your account when you log in.  
  
***************************************************************************************  
  
`
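
The fix for the behaviour in the steps above is to encode stored profile fields when they are written into HTML. The following is an added example, not code from the vendor or from the advisory author: the function names and the `first_name` / `last_name` field names are assumptions, since the product's source is not shown here, and the sample row is constructed from the string in step 3.

```php
<?php
declare(strict_types=1);

// Constructed sample: a user row as it would sit in the database after the
// registration steps above. Field names are hypothetical.
$user = [
    'first_name' => '<img src =x onError=alert("VIKAS")>',
    'last_name'  => '<img src =x onError=alert("VIKAS")>',
];

// Vulnerable pattern: stored values are concatenated into HTML unchanged,
// so the browser parses the stored string as an <img> element.
function render_welcome_unsafe(array $user): string
{
    return '<h2>Welcome, ' . $user['first_name'] . ' ' . $user['last_name'] . '</h2>';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// styles, so the same helper also works inside quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field passes through e() before output.
function render_welcome_safe(array $user): string
{
    return '<h2>Welcome, ' . e($user['first_name']) . ' ' . e($user['last_name']) . '</h2>';
}

// The PASSWORD field needs no output encoding because it should never be
// rendered: keep only a hash and check logins with password_verify().
function store_password(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

$unsafe = render_welcome_unsafe($user);
$safe   = render_welcome_safe($user);

// Check whether a raw <img tag survives in each rendering.
var_dump(strpos($unsafe, '<img') !== false);
var_dump(strpos($safe, '<img') === false);
echo $safe, PHP_EOL;
```

Encoding at output rather than stripping at registration keeps the stored data intact and protects every page that later displays it.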
