Home Tools Exploits & CVE's Carlisting 1.6 Cross Site Scripting

Carlisting 1.6 Cross Site Scripting

July 18, 2023

273

Authored by CraCkEr

Carlisting version 1.6 suffers from a cross site scripting vulnerability.

# Exploit Title: Carlisting 1.6 - Reflected XSS
# Exploit Author: CraCkEr
# Date: 16/07/2023
# Vendor: phpscriptpoint
# Vendor Homepage: https://phpscriptpoint.com/
# Software Link: https://demo.phpscriptpoint.com/carlisting/
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site



## Description

The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of actions, such as stealing the victim's session token or login credentials



Path: /carlisting/search.php

GET parameter 'country' is vulnerable to RXSS
GET parameter 'state' is vulnerable to RXSS
GET parameter 'city' is vulnerable to RXSS


https://website/carlisting/search.php?brand_id=1&model_id=1&car_condition=New%20Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=[XSS]&state=[XSS]&city=[XSS]



[-] Done

Carlisting 1.6 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Early Bitcoin Investor Roger Ver Arrested for Tax Fraud

Carmakers lying about requiring warrants before sharing location data, Senate probe...

FBI searched Section 702 database half as much in 2023, Biden...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Unified Remote 3.9.0.2463 Remote Code Execution

Ransom.REvil MVID-2022-0596 Code Execution

Trixbox 2.8.0.4 Path Traversal