Home / os / winmobile

PHPMailer Cross Site Scripting

Posted on 26 June 2017

[-] Title : PHPMailer < 5.2.23 - Cross-Site Scripting [-] Author : Shahab Shamsi [-] Software Link : https://github.com/PHPMailer/PHPMailer [-] Version: [ 5.2.23 ] [-] Tested on : [ Kali , Windows ] [-] Category : Webapps [-] Date : 2017-06-22 Vulnerable page : /code_generator.php Vulnerable Source : 312: echo $from_name; 18: $from_name = $_POST['From_Name'] : ''; 313: echo $from_email; 19: $from_email = $_POST['From_Email'] : ''; 314: echo $to_name; 20: $to_name = $_POST['To_Name'] : ''; 315: echo $to_email; 21: $to_email = $_POST['To_Email'] : ''; POC : http://localhost/code_generator.php step 1 = Go To Web Page = http://localhost/code_generator.php Step 2 = In the box : "From Email Address" AND "To Email Address" Step 3 = input box , Add JavaScript Code : <script>alert('XSS')</script> ************************ * ==> Contact Me : * Telegram : @Shahab_Shamsi * Email : info@securityman.org * WebSilte : WwW.iran123.Org ************************

 

TOP