SadafBlog Script Cross Site Scripting Stored

Published
Credit
Risk
2017.06.19
GIST
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes
Dork: inurl:list.php intitle:فهرست وبلاگ ها

* Title : SadafBlog Script Cross Site Scripting ( Xss Stored )
* Date : 6/19/2017
* Dork : inurl:list.php intitle:فهرست وبلاگ ها
* Author : GIST
* YouTube : https://youtu.be/a1hN9KC3wUQ
* Version : All Version
* Script Download : https://goo.gl/d7yDrt
* Vendor HomePage : -
* Tested On : Windows 10


About Script :

Sadaf Blog SCript for blogs is beautiful and diverse capabilities
including the ability to recruit blogs, etc.

Some Of Facilities Of Sadaf Blog Script :
1-Allowing verification of reader comments to display
2-Assign a URL
3-The possibility of exclusive design templates or change in form, color and design blog
4-Ability to insert labels for each entry
5-Allocates 300 MB for upload in the blog admin panel
And ...


Exploit :

1- Open Target

2- Register A New Weblog ( Usually You Can Find It 'register' or 'register.php' )

3- Complet Fields.

4- In Field Of Title Weblog Have To Use Inspect Element To Removing restrictions Of Character

Delete This Part ' maxlength="60" '

5- Input Your Deface Page in Title WEblog Filed

6-Click Save And Go To List Of Weblogs ( Usually You Can Find It 'list' or 'list.php' )

7- You Will See Your Deface Page :)

Demo :

http://raziblog.ir/
http://shikblog.ir/
http://7blog.ir/


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com