Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting

2018.05.17

Credit: L0RD

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting
# Date: 2018-05-16
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628
# CVE: N/A
# Version: 2.5
# Description : Multiplayer BlackJack - Online Casino Game script has persistent cross site scripting that attacker
# can set malicious payload into the vulnerable parameter.
# POC :
1) click on the "sit" button in the web page
2) Put this payload into the "name" input and set wallet number :
<script>alert(document.domain)</script>
3) You will get an alert box in the page .

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.