VidiScript 1.0.3a Cross Site Scripting

2013.10.09
Credit: Gabby
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: Powered By VidiScript 1.0.3a

################################################################################################# # __________.__ _________ _________ # \__ ___/| |__ ____ \_ ___ \_______ ______ _ ________ \_ ___ \_______ ______ _ __ # | | | | \_/ __ \ / \ \/\_ __ \/ _ \ \/ \/ / ___/ / \ \/\_ __ \_/ __ \ \/ \/ / # | | | Y \ ___/ \ \____| | \( <_> ) /\___ \ \ \____| | \/\ ___/\ / # |____| |___| /\___ > \______ /|__| \____/ \/\_//____ > \______ /|__| \___ >\/\_/ # \/ \/ \/ \/ \/ \/ # # #http://thecrowscrew.org ################################################################################################## # Exploit Title: VidiScript Persistent XSS Vulnerability # Author: Gabby # Google Dork: Powered By VidiScript 1.0.3a # Software Link: http://www.vidiscript.com/ ################################################################################################## poc : 1. register first -> http://site.com/register.php than go to edit ur profile on http://site.com/usermenu/profile put ur xss script on "About Me" form u will find ur xss on http://site.com/profile/ur_user_name 2. register first -> http://site.com/register.php go to http://site.com/upload give a title on title form,.. put ur xss script on "description" form.. (in this case u can put ur xss script on "description" form n "embed code" form.. } chose the category.. upload ur fake file use .mp4 / .flv / .mp3 / .jpg / etc n upload,. u will find ur xss on : http://site.com/play/category/ur_title example : http://www.mymediaempire.com/profile/bie http://www.kontraktkillers.eu/profile/bie http://arryn.be/vidiscript/profile/bie http://www.yehtronservices.info/vidi/play/Main_Category/tes http://www.yehtronservices.info/vidi/play/Main_Category/bie http://restaurantsinmytown.com/video/play/Restaurant_Reviews/bie http://uxoservices.com/videostream/play/Main_Category/bie ################################################################################?################# Thanks to : Catalyst71, kit4r0, 777r, ovanIsmycode, walangkaji, y0g4, my "Dad", my sista Wii, cW3 G4pt3K, Red-x, Vanda, Deb, Sultan, Meninbox, Jr Blender, n all my luvly friend,.. Greets to : Yogyacarderlink, SurabayaBlackhat,..^^ luv to Bruno mars,. ayem_lagi_galau_tengkiu_buat_lagunya -_- ################################################################################?#################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top