-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # Exploit Title: ClipShare Pro 4.1 Persistent XSS Vulnerability # Date: 13-11-2010 # Author: Th3 RDX # Software Link: http://www.clip-share.com/order/ # Version: 4.1 # Price: $452 # Tested on: Demo Site # category: webapp # Code : n/a -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Br0wn Sug4r, Sid3^effects, L0rd CruSad3r, Sonic , r0073r(inj3ct0r.com) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, G00g!3 W@rr!0r, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- INDIAN CYBER ARMY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- %// ----- [ Founder ] ----- Th3 RDX ----- [ E - mail ] ----- th3rdx@gmail.com %\\ %// ----- [Title] ----- ClipShare Pro 4.1 Persistent XSS Vulnerability ----- [ Vendor ] ----- http://www.clip-share.com ----- [ Bug (s) ] ----- ----- [ Persistent XSS ] ----- Proof of Concepts: ------------------ Step 1) Login into admin Section Link: http://clipshare/siteadmin/ Step 2) Go to Advertising -[XSS Bug present in following]- => Add Banner / Edit Banner -[XSS Code]- => "><script>alert(document.cookie)</script> Step 3) Enter your Attack Pattern to title of banner Step 4) Refresh and View your adds Note: The XSS Also remains in admin panel XSS IS ALSO AVAILABLE IN VIDEO MANAGING SECTION %\\