Advertisement






Simple Upload dan Download File Cross Site Scripting

CVE Category Price Severity
Not specified CWE-79 Not disclosed High
Author Risk Exploitation Type Date
Not specified High Remote 2018-12-26
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018120223

Below is a copy:

Simple Upload dan Download File Cross Site Scripting
***************************************************
# Exploit Title: Simple Upload dan Download File Cross Site Scripting ( XSS ) Vulnerability
# Google Dork: inurl:/download.php "Tgl. Upload"
# Exploit: /upload.php
# Date: 26/12/2018
# Author: 0N3R1D3R
# Team: Indonesia To World Team
# Tested on: Windows 10 x64
***************************************************
[+] Search the dork in Google
[+] Exploit the site with /upload.php
[+] Give your payload xss and upload docx file or other
[+] Success? Look at /download.php
***************************************************
[+] Demo Site
[+] http://muhammadsyarif.my.id/ti15e1/upload.php
[+] http://www.spareparttruk.com/data/upload.php
[+] http://www.ifaupdate.com/upload.php
***************************************************
[+] Proof Of Concept
[+]http://cvindomedia.com/login/donlodsimwasda/download.php
***************************************************
Thanks To Indonesia To World Team

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.