| CVE | Category | Price | Severity |
|---|---|---|---|
| N/A | CWE-79 | $500 | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | High | Remote | 2018-01-16 |

| CVSS | EPSS | EPSSP |
|---|---|---|
| CVSS:9.8/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
====================================================================================
| # Title     : Datoo - Complete Dating Script v1.0 HTML Code Injection Vulnerability
| # Author    : indoushka
| # email     : [email protected]
| # Tested on : Windows 10 Français V.(Pro)
| # Version   : v1.0
| # Vendor    : http://www.codelist.cc/scripts/232821-datoo-v10-complete-dating-script.html
| # Dork      : http://nelliwinne.net/
====================================================================================

PoC :

HTML code injection :

[+] Dork in Google or another search engine.

[+] Create a new user, log in, go to Messages and paste HTML code.

[+] Use payload : </tr> <td align="center"><a href="https://packetstormsecurity.com/files/authors/7697"><img src="https://packetstatic.com/img1398360120/ps_logo.png" alt="" width="650" height="120" border="0" /></a> </tr>

Disconnect the database :

[+] Use path : /install/

After adding the path, the site shows the page for entering the database configuration. You can type anything or press install script.

https://wzy.ro/install/

Backdoor account :

https://www.lifeisnowbrasil.com.br/admin/dashboard.php

user : [email protected]

pass : admin

Greetz :
------------------------------------------------------------------------------------
| jericho * Larry W. Cashdollar * shadow0075 * djroot.dz * Gjoko 'LiquidWorm' Krstic
====================================================================================
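The PoC payload works because the message view writes stored input into the page as markup, so a pasted `</tr>` closes the template's own table row. The vulnerable pattern beside an output-encoded one, as an added PHP example that is not taken from Datoo's code; the function names, the row template and the `example.invalid` URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the message view; Datoo's real template is not shown on the page.
function render_message_unsafe(string $sender, string $body): string
{
    // Vulnerable pattern: stored user input is concatenated into markup unchanged.
    return "<tr><td>{$sender}</td><td>{$body}</td></tr>";
}

function h(string $value): string
{
    // Encode for HTML text and attribute contexts. ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the whole string come back empty.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_message_safe(string $sender, string $body): string
{
    // nl2br runs after encoding, so the <br /> tags it adds are the only
    // markup that originates from the message text.
    return '<tr><td>' . h($sender) . '</td><td>' . nl2br(h($body)) . '</td></tr>';
}

function count_tags(string $html): int
{
    // Counts live opening and closing tags in the rendered row.
    return (int) preg_match_all('/<\/?[a-z][^>]*>/i', $html);
}

// Constructed sample: same shape as the PoC payload, with placeholder URLs.
$payload = '</tr> <td align="center"><a href="https://example.invalid/">'
         . '<img src="https://example.invalid/logo.png" alt="" /></a> </tr>';

$unsafe = render_message_unsafe('alice', $payload);
$safe   = render_message_safe('alice', $payload);

// The template itself contributes six tags; anything above that came from the message.
printf("unsafe row: %d live tags\n", count_tags($unsafe));
printf("safe row:   %d live tags\n", count_tags($safe));
echo $safe, "\n";
```

Encoding has to happen at every place the message body is rendered (inbox list, thread view, notifications), since the stored value itself stays untouched.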
Copyright ©2024 Exploitalert.