Photo Sharing Script Xss Vulnerability

2018.03.09

indoushka (DZ)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| # Title : Photo Sharing Script Xss Vulnerability
| # Author : indoushka
| # Vondor : www.p30vel.ir
| # Dork : Copyright © 2011 Photo Sharing Script Nulled By P30vel.ir Powered by Free PHP Script
===================================================================================================
Cross site scripting (verified) :
This vulnerability affects /upload/signup.
Discovered by: Scripting (XSS.script).
Attack details
URL encoded POST input password was set to 711%24%24w0rD" onmouseover=prompt(771818860) bad="
The input is reflected inside a tag parameter between double quotes.
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh | |
|
=======================================================================================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Photo Sharing Script Xss Vulnerability

Dork: Copyright © 2011 Photo Sharing Script Nulled By P30vel.ir Powered by Free PHP Script

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.