Mouse Media Script 1.6 Cross Site Scripting

2014.11.14
Credit: Halil Dalabasmaz
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: \"is your best source of fun.\" inurl:/view/popular

# Exploit Title: Mouse Media Script Stored XSS Vulnerability # Google Dork: "is your best source of fun." inurl:/view/popular # Date: 04-10-2014 # Exploit Author: Halil Dalabasmaz # Version: v1.6 # Software Link: http://codecanyon.net/item/mouse-media-script/7773254 # Software Test Link: http://media.nisgeo.com # Tested on: Kali Linux & Iceweasel 31.2.0 # Sample Payload: "><script>alert(document.cookie);</script> # Attack Description: Login to system and upload any of your image. When uploading the image you need to enter the XSS payload to "Title" or "Description" inputs. And then you can visit th?s home page to check the uploaded payload. All these uploaded image and payload were completed succesfully then all visitors and logged users will be affected by this vulnerability.


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top