https://imgur.com/7r6t6uq
Beach Bash! - [June 1st - July 1st]
Comments
-
# Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection # Dork: N/A # Date: 2018-05-18 # Exploit Author: Sina Kheirkhah || (Sina.For.Sec@gmail.com) # Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ # Vendor Homepage: https://www.joomlaextensions.co.in/ # Version: 2.10 # Category: Webapps # CVE: N/A # # # #POC-1) Cross site scripting (XSS) : # # # Description: # # 1)create a profile # 2)you can use your payload in profile info page # 3)for example in Address field you can use "> # 4)now the Payload will be executed whenever someone visits your profile # # # POC-2) SQL Injection: # # Description: # 1)the website has filtered all the inputs for sql injection BUT # you can use the user_setting page in order to Inject SQL code # by using POST method # http://localhost/ekrishta/index.php/profile/user_setting # # # # # # ا
Categories
- All Categories
- Z8Games
- 1 Z8 Forum Discussion & Suggestions
- 15 Z8Games Announcements
- Rules & Conduct
- 2.5K CrossFire
- 709 CrossFire Announcements
- 712 Previous Announcements
- 2 Previous Patch Notes
- 321 Community
- 12 Modes
- 392 Suggestions
- 16 Clan Discussion and Recruitment
- 73 CF Competitive Forum
- 1 CFCL
- 16 Looking for a Team?
- 523 CrossFire Support
- 7 Suggestion
- 15 CrossFire Guides
- 35 CrossFire Off Topic