CVE-2018-14869 : PHP Template Store Script- 3.0.6 – Stored XSS Vulnerability
CVE-2018-14869 was found by Sarafraz Khan, a member of Indian Cyber Security Solutions. It is an achievement for Indian Cyber Security Solutions. The exploit details are as follows:
Exploit Title: PHP Template Store Script- 3.0.6
Date: 03-08-2018
CVE: CVE-2018-14869
Author: Sarafraz Khan
Overview:
PHP Template Store Script 3.0.6 has a stored XSS vulnerability via the Address, Bank Name, and A/c Holder Name fields. To exploit this vulnerability, the following steps were taken:
Step 1:
Go to the site ( http://www.exclusivescript.com/ )
Step 2:
Click on Login => Register, then fill in the form and click on Register Now.
Step 3:
Go to your mail and verify it.
Step 4:
Now come back to the site and sign in using your verified mail and password.
Step 5:
Go to Setting => Personal information and paste this code in:
Address line 1 => “*><*img src=x onerror=prompt(/SARAFRAZ/)>
Address Line 2 => “*><*img src=x onerror=prompt(/KHAN/)>
Bank name => “*><*img src=x onerror=prompt(/KING/)>
A/C Holder name => “*><*img src=x onerror=prompt(/GOOGLEQUEENS/)>
and then click on Update Profile.
Note: Remove * from the code.
Step 6:
You will now get popups of /SARAFRAZ/, /KHAN/, /KING/ and /GOOGLEQUEENS/ in your account.
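The defect class behind these steps and its fix, as an added example that is not taken from PHP Template Store Script: it assumes the profile page echoes stored values into an `<input value="...">` attribute, and the field names, helper names and sample record are hypothetical.

```php
<?php
// Added example: field names and markup are assumptions, not the product's code.

// Constructed profile record, as it would come back from the database after
// "Update Profile" stored the submitted value unmodified.
$profile = [
    'address1'  => '"><img src=x onerror=prompt(/KING/)>',
    'bank_name' => 'Example Bank',
];

// Vulnerable pattern: the stored value is concatenated into an attribute,
// so the leading "> closes the attribute and the tag, and the rest is parsed
// as new markup for every viewer of the page.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES covers both quote styles; the charset is pinned explicitly.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . e($name) . '" value="' . e($value) . '">';
}

foreach ($profile as $name => $value) {
    echo 'unsafe: ', render_field_unsafe($name, $value), PHP_EOL;
    echo 'safe:   ', render_field_safe($name, $value), PHP_EOL;
}

// Regression check: after encoding, no raw tag delimiter or quote from the
// stored value can survive inside the attribute.
$encoded = e($profile['address1']);
if (strpbrk($encoded, '<>"\'') !== false) {
    throw new RuntimeException('stored value was not fully encoded');
}
```

Encoding at output rather than only filtering at input also neutralises values that were stored before the fix was deployed.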