Home Tools Exploits & CVE's Lawyer CMS 1.6 Cross Site Scripting

Lawyer CMS 1.6 Cross Site Scripting

July 18, 2023

275

Authored by CraCkEr

Lawyer CMS version 1.6 suffers from a cross site scripting vulnerability.

# Exploit Title: Lawyer CMS 1.6 - Reflected XSS
# Exploit Author: CraCkEr
# Date: 16/07/2023
# Vendor: phpscriptpoint
# Vendor Homepage: https://phpscriptpoint.com/
# Software Link: https://demo.phpscriptpoint.com/lawyer/
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site



## Description

The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of actions, such as stealing the victim's session token or login credentials



Path: /lawyer/page.php

URL parameter is vulnerable to RXSS

https://website/lawyer/page.php/[XSS]?slug=blog&page=2


Path: /lawyer/search.php

URL parameter is vulnerable to RXSS

https://website/lawyer/search.php/[XSS]?search_string=&page=2



[-] Done

Lawyer CMS 1.6 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Organizations patch CISA KEV list bugs 3.5 times faster than others,...

Ukraine records increase in financially motivated attacks by Russian hackers

NATO and EU condemn ‘intensifying’ Russian sabotage and hybrid operations

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Vanguard 2.1 Cross Site Scripting

FLEX 1080/1085 Web 1.6.0 Information Disclosure

PFSense 2.5.0 Cross Site Scripting