exploitdb
WORKING POC
VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34675
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Gonafish WebStatCaffe due to improper input sanitization. The PoC provides a crafted URL that injects arbitrary JavaScript code into the 'visitorduration.php' page.
Classification
Working PoC 90%
Target:
Gonafish WebStatCaffe
No auth needed
Prerequisites:
Access to the vulnerable web application
exploitdb
WORKING POC
VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34679
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Gonafish WebStatCaffe due to improper input sanitization. The PoC shows how arbitrary script code can be executed in the context of the affected site via a crafted URL.
Classification
Working PoC 90%
Target:
Gonafish WebStatCaffe
No auth needed
Prerequisites:
Access to the vulnerable web application
exploitdb
WORKING POC
VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34678
This exploit demonstrates a reflected XSS vulnerability in Gonafish WebStatCaffe due to improper input sanitization. The PoC injects arbitrary JavaScript via the 'date' parameter in pageviewerschart.php.
Classification
Working PoC 90%
Target:
Gonafish WebStatCaffe
No auth needed
Prerequisites:
Access to the vulnerable web application
exploitdb
WORKING POC
VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34677
This exploit demonstrates a reflected XSS vulnerability in Gonafish WebStatCaffe due to improper input sanitization. The PoC URL injects arbitrary JavaScript code via the 'date' parameter, which executes in the context of the affected site.
Classification
Working PoC 90%
Target:
Gonafish WebStatCaffe
No auth needed
Prerequisites:
Access to the vulnerable web application
exploitdb
WORKING POC
VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34676
This exploit demonstrates a reflected XSS vulnerability in Gonafish WebStatCaffe by injecting arbitrary JavaScript via the 'date' parameter in pageviewerschart.php. The payload bypasses basic sanitization using HTML encoding and line breaks.
Classification
Working PoC 90%
Target:
Gonafish WebStatCaffe
No auth needed
Prerequisites:
Access to the vulnerable web application
exploitdb
WORKING POC
VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34674
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Gonafish WebStatCaffe by injecting arbitrary script code via unsanitized user input in the 'nodayshow' parameter. The PoC uses a crafted URL to trigger an alert dialog, confirming the vulnerability.
Classification
Working PoC 90%
Target:
Gonafish WebStatCaffe
No auth needed
Prerequisites:
Access to the vulnerable web application