bigkaka.com Stored Cross Site Scripting Vulnerability

2019.05.28
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##############################################################
# Title     : bigkaka.com Stored Cross Site Scripting Vulnerability [ self xss ]
# Author    : Dj3Bb4rAn0n ( bassem ) FB/djebbar.bassem.16
# Date      : 28/05/2019
# Home      : Annaba ( Algeria )
# Tested on : Linux ( Backbox )
##############################################################
# Bac 2020 nchaleh faha -_-

# PoC

All input fields are vulnerable to XSS :V :V

[ * ] Register as a user, then log in to your account
[ * ] Go to My Profile and inject this payload

      "><script>alert("own3d by by bassem");</script>

      into the first name input field; the last name field is vulnerable as well.
      The alert box will then pop up as usual.
[ + ] Refresh your profile page and the alert box will pop up every time you do
[ + ] Impact : in this situation the vulnerability is not at all dangerous, because it only affects the same user that logged in with the same password

If anything is wrong above please excuse me, I'm a newbie + my grammar is so bad, sorry guys

--------------------------------------------------------------
sh00tz to : My Pc
--------------------------------------------------------------
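The fix for the behaviour described in the PoC is to encode the stored first and last name when they are written back into the profile form. The following is an added example, not code from bigkaka.com or from the advisory's author; the renderer functions and the `first_name` field name are hypothetical, and the sample value is the payload quoted above.

```javascript
// Payload from the advisory: the leading "> closes the value attribute and
// the <input> tag, so the rest is parsed as a new script element.
const SAMPLE_FIRST_NAME = '"><script>alert("own3d by by bassem");</script>';

// Encode the characters that are significant in HTML text and in quoted
// attribute values. This covers those two contexts only, not URLs or JS.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (hypothetical): the stored value is concatenated
// straight into a double-quoted attribute on every profile page load.
function renderFieldUnsafe(name, stored) {
  return `<input type="text" name="${name}" value="${stored}">`;
}

// Hardened pattern: encode at output time, so data that is already in the
// database is neutralised too, without rewriting stored records.
function renderFieldSafe(name, stored) {
  return `<input type="text" name="${escapeHtml(name)}" value="${escapeHtml(stored)}">`;
}

// Defence in depth on input: accept only letters, combining marks, spaces,
// dots, apostrophes and hyphens, up to 64 characters (assumed name policy).
function isPlausibleName(value) {
  return /^[\p{L}\p{M}][\p{L}\p{M} .'-]{0,63}$/u.test(value);
}

// Helper for checking the rendered markup: is there a live <script> start tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderFieldUnsafe('first_name', SAMPLE_FIRST_NAME));
console.log('safe  :', renderFieldSafe('first_name', SAMPLE_FIRST_NAME));
console.log('passes input validation:', isPlausibleName(SAMPLE_FIRST_NAME));
```

Output encoding is the control that closes the hole; the input check only reduces what reaches storage and should not be relied on alone.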



Copyright 2019, cxsecurity.com