CVE-2018-14869 : PHP Template Store Script- 3.0.6 – Stored XSS Vulnerability
CVE-2018-14869 founded by Sarafraz Khan who is the member of Indian Cyber Security Solutions. It is an achievement for Indian Cyber Security Solutions. The Exploit details are as follows:
Exploit Title: PHP Template Store Script- 3.0.6
Author: Sarafraz Khan
Found that specified PHP Template Store Script- 3.0.6 – Stored XSS Vulnerability via Address, Bank Name,and A/c Holder Name. To exploit this vulnerability.
The following steps were taken:
Go to the site ( http://www.exclusivescript.com/ )
Click on => Login => Register => and then fill the Form and click on Register Now
Goto your mail and Verify it.
Now come back to site and Sign in using your Verified mail and Password.
Goto Setting => Personal information and paste these code in
Address line 1 => “*><*img src=x onerror=prompt(/SARAFRAZ/)>
Address Line 2 => “*><*img src=x onerror=prompt(/KHAN/)>
Bank name => “*><*img src=x onerror=prompt(/KING/)>
A/C Holder name => “*><*img src=x onerror=prompt(/GOOGLEQUEENS/)>
and then click on Update Profile.
Note=> Remove * From the Code
Now You will having popup of /SARAFRAZ/ , /KHAN/ , / KING/ and /GOOGLEQUEENS/ in you account..
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Cybersecurity services that can protect your company:
Other Location for Online Courses: