Social Microblogging PRO 1.5 – Persistent Cross-Site Scripting

• Exploit Database
• 119 阅读

• 作者： Halil Dalabasmaz
  日期： 2014-12-31
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35659/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

  # Exploit Title: Social Microblogging PRO 1.5 Stored XSS Vulnerability # Date: 29-12-2014 # Exploit Author: Halil Dalabasmaz # Version: v1.5 # Vendor Homepage: http://codecanyon.net/item/social-microblogging-pro/9217005 # Tested on: Chrome & Iceweasel   # Vulnerability Description:   ===Stored XSS=== "Web Site" input is not secure at Profile section. You can run XSS payloads on "Web Site" input.   Sample Payload for Stored XSS: http://example.com/">[xssPayload]   =Solution= Filter the input field against to XSS attacks. ================