Crea8Social 2.0 – Cross-Site Scripting Change Interface

• Exploit Database
• 119 阅读

• 作者： Yudhistira B W
  日期： 2015-01-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35691/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

  # Exploit Title: Crea8Social v.2.0 XSS Change Interface # Google Dork: intext:Copyright © 2014 CreA8social. # Date: January 3, 2015 # Exploit Author: r0seMary # Vendor Homepage: http://crea8social.com # Software Link: http://codecanyon.net/item/crea8social-php-social-networking-platform-v20/9211270 or http://crea8social.com # Version: v.2.0 (Latest version) # Tested on: Windows 7 # CVE : - ================================================================================ Bismillahirahmanirahim Assalamualaikum Wr.Wb   --[Fatal Xss Vulnerability]-- 1. Register on the site 2. Go to Menu, Click Game 3. Add Game 4. At Game Content, enter your xss code. for example: <script>document.body.innerHTML="your text here"</script><noscript>   look at the result, the user interface change into your xss code ;)   Proof of Concept: http://104.131.164.9/demo/games/124 (Crea8Social Official Site)   ./r0seMary Wassalamualaikum.wr.wb