PHP-Script-Mall Personal Video Collection Script has Stored XSS in Edit My Profile [CVE-2019-9606]



Vulnerability Description => Cross-site scripting is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.





↡ ↡ ↡ How to Exploit ↡ ↡ ↡




1. Go to the site (http://readymadeb2bscript.com/demo/streamme/).
⇓ ⇓ ⇓ ⇓




2. Create a new account
⇓ ⇓ ⇓ ⇓




3. Then log in to your account and click on Edit Account Info.
⇓ ⇓ ⇓ ⇓




4. Now change the Full name field to the XSS payload [ ‘”</Script><Html /Onmouseover=(alert)(1) // ]
⇓ ⇓ ⇓ ⇓




5. Click on Save Changes and you will see an XSS popup on screen.
⇓ ⇓ ⇓ ⇓

*** Also, log out and log back in to your account; you will see an XSS popup on screen. ***
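The popup returns after a fresh login because the Full name value is saved and then written back into the page without encoding. The following is an added example, not the vendor's code: the function names and the sample profile row are hypothetical. It shows that kind of unencoded render beside one that encodes on output, plus a save-time check on the name.

```php
<?php
// Added illustration; not code from the Personal Video Collection Script.
// All function names and the $profile row below are hypothetical.

// Constructed sample: a stored profile whose full_name holds markup
// instead of a plain name (inert placeholder markup).
$profile = ['full_name' => '"></b><i title="injected">Mallory</i>'];

// Weak: the stored value is concatenated into HTML as-is, so markup
// saved in the profile becomes part of every page that shows the name.
function render_name_unsafe(array $profile): string
{
    return '<span class="user-name">' . $profile['full_name'] . '</span>';
}

// Hardened: encode for the HTML context at output time. ENT_QUOTES covers
// both quote characters; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function render_name_safe(array $profile): string
{
    $name = htmlspecialchars(
        $profile['full_name'],
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<span class="user-name">' . $name . '</span>';
}

// Second layer at save time: accept only letters, combining marks, spaces,
// apostrophes, dots and hyphens, at most 100 characters. \z (not $) so a
// trailing newline does not slip through.
function validate_full_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} \'.\-]{0,99}\z/u', $name) === 1;
}

echo render_name_unsafe($profile), PHP_EOL;
echo render_name_safe($profile), PHP_EOL;
var_dump(validate_full_name($profile['full_name']));
var_dump(validate_full_name("Anne-Marie O'Neil"));
```

Output encoding is the control that closes the hole. The save-time check only narrows what can be stored and does not replace encoding wherever the name is displayed.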
