CVE-2018-16453 Domain Lookup Script 3.0.5- Stored XSS via Search by Whois

I found that specified Exploit Title: Domain Lookup Script 3.0.5- Stored XSS via Search by Whois. To exploit this vulnerability, the following steps were taken.

1.Go to the site ( http://under24usd.com/demo/whois/ ) .

2-Goto Homepage => Search by Whois and paste this code in
Type Your Keyword => <*IMG"""><*SCRIPT>alert(“SARAFRAZ KHAN”)“>and then click on Search.

3-Now You will having popup of /SARAFRAZ KHAN/ in the page..

Note=> Please Remove * from the Code

Leave a Comment