Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

EDB-ID: 45141 Author: Vikas Chaudhary Published: 2018-08-03
CVE: CVE-2018-14082 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Cross-Site Scripting (XSS)
E-DB Verified: Waiting verification Vulnerable App: N/A
*******************************************************************************************
# Exploit Title: Entrepreneur Job Portal Script 3.0.1 - Stored XSS via Search bar and Location
# Date: 14.07.2018
# Site Title: JOB SITE (Job Portal)
# Vendor Homepage: https://www.phpscriptsmall.com/
# Vendor Software: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
# Software Link: http://freelancewebdesignerchennai.com/demo/job-portal/
# Category: Web Application
# Version: 3.0.1
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Published On: https://gkaim.com/cve-2018-14082-vikas-chaudhary/
# Tested on: Windows 10 - Firefox
# CVE: CVE-2018-14082
*****************************************************************************************
-------------------------------------------------------
Proof of Concept:
-------------------------------------------------------
1. Go to the site ( http://server.com/job-portal/ ).
2. Click on the REGISTER page (Register now).
3. Register by giving your name, mail and so on.
4. Verify your mail.
5. Return to the site and log in using your verified mail.
6. Once logged in, paste   "><svg/onload=alert(/VIKAS/)>   in the search bar (keywords, skills, Destination), paste   "><svg/onload=alert(/CHAUDHARY/)>   in location, then click on Search.
7. You will get 2 popups: /VIKAS/ and /CHAUDHARY/
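
The leading "> in both strings closes an HTML attribute value and its tag, which is why unencoded output of the search fields lets the markup execute. The following is an added example, not the vendor's code and not part of the original advisory: a hypothetical search-form renderer (the field names keyword and location and all function names are assumptions) showing the unencoded pattern beside output encoding applied at render time, which is where it must happen for stored values.

```php
<?php
// Added example: hypothetical renderer, not code from the affected product.
// Field names "keyword" and "location" are assumptions for illustration.

// Vulnerable pattern: input is written into an attribute value unencoded,
// so a leading "> ends the attribute and the <input> tag.
function render_search_unsafe(array $in): string
{
    return '<input name="keyword" value="' . ($in['keyword'] ?? '') . '">' . "\n"
         . '<input name="location" value="' . ($in['location'] ?? '') . '">';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: accept only string parameters, encode every value
// wherever it is rendered (including values read back from storage).
function render_search_safe(array $in): string
{
    $kw  = is_string($in['keyword']  ?? null) ? $in['keyword']  : '';
    $loc = is_string($in['location'] ?? null) ? $in['location'] : '';
    return '<input name="keyword" value="' . e($kw) . '">' . "\n"
         . '<input name="location" value="' . e($loc) . '">';
}

// Constructed sample input: the two strings from the proof of concept.
$input = [
    'keyword'  => '"><svg/onload=alert(/VIKAS/)>',
    'location' => '"><svg/onload=alert(/CHAUDHARY/)>',
];

echo "--- unencoded ---\n", render_search_unsafe($input), "\n";
echo "--- encoded ---\n",   render_search_safe($input),   "\n";

// Exit non-zero if any raw tag survives encoding.
exit(strpos(render_search_safe($input), '<svg') === false ? 0 : 1);
```

Run with the PHP CLI: the encoded output carries the strings as inert text inside the value attribute, with `"`, `<` and `>` emitted as `&quot;`, `&lt;` and `&gt;`.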


Related Exploits

Date | Verified | Title | Author
2016-10-07 | Waiting verification | Entrepreneur Job Portal Script 2.06 - SQL Injection | OoN_Boy
2017-12-08 | Waiting verification | Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection | Ihsan Sencan